pinkroose.yoo7.com/t2107-topic
301 Moved Permanently 0 B URL HTTP/1.1 pinkroose.yoo7.com/t2107-topic
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /t2107-topic HTTP/1.1
Host: pinkroose.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 16 Nov 2022 11:09:02 GMT
Content-Length: 0
Location: https://pinkroose.yoo7.com/t2107-topic
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7786cd9bd97e024b3a1d16215defaad2
786ddbb74b0b6bd9270622dbe0258d6caee407c1
9c297ccfd178eec7e472fb64a6b2e34d4c7a6dec32870f49982353e590196ba0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C297CCFD178EEC7E472FB64A6B2E34D4C7A6DEC32870F49982353E590196BA0"
Last-Modified: Mon, 14 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6717
Expires: Wed, 16 Nov 2022 13:00:59 GMT
Date: Wed, 16 Nov 2022 11:09:02 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 4fe5a11c3ca8a150aad830b739f24b58
898b730b1a66dd49c6f018333ba828410f63f347
2c3a2a8a3dfa29808bd550718025fdf355e4a88235cb50ae978abc00ee5fd23b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1706
Cache-Control: max-age=85831
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:02 GMT
Etag: "63736a6b-1d7"
Expires: Thu, 17 Nov 2022 10:59:33 GMT
Last-Modified: Tue, 15 Nov 2022 10:31:07 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c88bc06741ab9fb81c2544acfcc34aa2
362cab19cff5aba27f472cc00071d5dfa38192e4
314ba27975f458e13917b2be91c9d5989a3e57c9e94b5a84dd52d0e21d27ae7f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "314BA27975F458E13917B2BE91C9D5989A3E57C9E94B5A84DD52D0E21D27AE7F"
Last-Modified: Mon, 14 Nov 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10975
Expires: Wed, 16 Nov 2022 14:11:57 GMT
Date: Wed, 16 Nov 2022 11:09:02 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4736bac84ca28f2b1e961159fb4ea098
1319612979f53896fcfeacd4215c2715d4951e4c
5e81213e111ddf68c7f884f72b4e06fc4dc95eb902c3cf0762236b2418840dba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Length, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 16 Nov 2022 10:44:32 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1470
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: XYXKcRHAYeuu6RU6rBKi7ZbpSxvarXizKouwdSsCner2SIlvVd4PNvZ/lstbCDnCCIADedkTajA=
x-amz-request-id: 24BGMMC6XGA1XGS7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 16 Nov 2022 10:52:00 GMT
age: 1022
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3d1e4b4a3fe74a44c78ecf8b84d945bf
462f5a1146f9659eb82917c0bcbdce9d9cb9c427
bd0829d9ef31e5bf48b489ceb4b4aab3806bb80112fb1c5faa198c4681ebd755
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD0829D9EF31E5BF48B489CEB4B4AAB3806BB80112FB1C5FAA198C4681EBD755"
Last-Modified: Tue, 15 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9804
Expires: Wed, 16 Nov 2022 13:52:26 GMT
Date: Wed, 16 Nov 2022 11:09:02 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 16 Nov 2022 11:09:02 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash dcc00bba57387997a5fcab4a6863d1c7
9582c226b0c740dae8ff5b60bdb29d221b510e6a
46d2691133695e87d41331384ab964c0b13e24948d6d2f24235acf7e1366c246
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5278
Cache-Control: max-age=158157
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:03 GMT
Etag: "637476fe-116"
Expires: Fri, 18 Nov 2022 07:05:00 GMT
Last-Modified: Wed, 16 Nov 2022 05:37:02 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
200 OK 278 B IP
Hash dcc00bba57387997a5fcab4a6863d1c7
9582c226b0c740dae8ff5b60bdb29d221b510e6a
46d2691133695e87d41331384ab964c0b13e24948d6d2f24235acf7e1366c246
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1762
Cache-Control: max-age=154641
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:03 GMT
Etag: "637476fe-116"
Expires: Fri, 18 Nov 2022 06:06:24 GMT
Last-Modified: Wed, 16 Nov 2022 05:37:02 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
200 OK 278 B IP
Hash dcc00bba57387997a5fcab4a6863d1c7
9582c226b0c740dae8ff5b60bdb29d221b510e6a
46d2691133695e87d41331384ab964c0b13e24948d6d2f24235acf7e1366c246
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5278
Cache-Control: max-age=158157
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:03 GMT
Etag: "637476fe-116"
Expires: Fri, 18 Nov 2022 07:05:00 GMT
Last-Modified: Wed, 16 Nov 2022 05:37:02 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 2316d2d43aee9525cdb65b3eb2ff53a0
cad4229071cf919cb3471632ac4924cfd1a97431
99d5cce0549dbb29351735d3e15f9cde16b2ca18c57581c8110b2c54998fa28d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 3dc58f0dcba4ac9021f62c5c1c862e91
d67cf5a8968b75d0d6893054f5201e015be19ecc
75d4e57dc6c25d2456a7513572a97de5f1c1caead2822c8a985da9b8dfa55f89
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 3dc58f0dcba4ac9021f62c5c1c862e91
d67cf5a8968b75d0d6893054f5201e015be19ecc
75d4e57dc6c25d2456a7513572a97de5f1c1caead2822c8a985da9b8dfa55f89
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pinkroose.yoo7.com/%3Cdiv%20align=
301 Moved Permanently 178 B URL HTTP/2 pinkroose.yoo7.com/%3Cdiv%20align=
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /%3Cdiv%20align= HTTP/1.1
Host: pinkroose.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/t2107-topic
Cookie: exadd=166861
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
date: Wed, 16 Nov 2022 11:09:03 GMT
content-length: 178
location: https://pinkroose.yoo7.com/-div%20align=
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash dcc00bba57387997a5fcab4a6863d1c7
9582c226b0c740dae8ff5b60bdb29d221b510e6a
46d2691133695e87d41331384ab964c0b13e24948d6d2f24235acf7e1366c246
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5278
Cache-Control: max-age=158157
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:03 GMT
Etag: "637476fe-116"
Expires: Fri, 18 Nov 2022 07:05:00 GMT
Last-Modified: Wed, 16 Nov 2022 05:37:02 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
200 OK 727 B IP
Hash b277595b04bb6e957e56d437951ca91f
59734b49f1cf706898e34a0a218567ecf3b9ba84
a540aa1c10a344dc77014aeddc23522c26ea52a9a64cec915767462d7cd2b070
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6187
Cache-Control: max-age=114788
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:03 GMT
Etag: "6373ca08-2d7"
Expires: Thu, 17 Nov 2022 19:02:11 GMT
Last-Modified: Tue, 15 Nov 2022 17:19:04 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 727
ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
IP
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash d989f35706c62ce4a5c561586c55566e
d32e7958e5765609bf08dcdefd0b2c2a8714ce34
375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716
GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33845
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 15 Nov 2022 18:40:06 GMT
expires: Wed, 15 Nov 2023 18:40:06 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 59337
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 312 B IP
Hash f86cf0bde12ef9b07967fa7bfdcd2db3
e2d2b277538fe878767964d21105c5e81283369f
9b9a5e9ce9933adc810851f84e2f083eb5d101f800ba5fe98ea1bcf0e4e934b3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2180
Cache-Control: max-age=126609
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:03 GMT
Etag: "637407dc-138"
Expires: Thu, 17 Nov 2022 22:19:12 GMT
Last-Modified: Tue, 15 Nov 2022 21:42:52 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 312
2img.net/i/empty.gif
200 OK 43 B IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /i/empty.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 09 May 2016 08:45:50 GMT
etag: "57304e3e-2b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 3469817
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z6Y5M4LnzLCTyavYck%2BXUx3jdWzfYMLm%2B%2FBms2HjO3Dqj%2BLv%2B1VGaBlHaslNFCp3uoOKVaMN7fjnNZqBQaxHXue4dQs6EHq5RtKVGwQx07scTjxbSAwW7JcK3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76afc5b01fa273df-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/onyx/icon_minitime.gif
200 OK 194 B URL HTTP/2 2img.net/i/fa/onyx/icon_minitime.gif
IP
File type GIF image data, version 89a, 12 x 9\012- data
Hash 45df8fa66cbcbc9f4d5de9d4aa6d6cbd
7907f257cb3b4caa16ecfd2df17538d3a3a5a428
22d8ca8b8455b3caf467b34df658773bb22bc9b628c6264e9c09d66585fdcac1
GET /i/fa/onyx/icon_minitime.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: image/gif
content-length: 194
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-c2"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 3467541
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5bsZHlaeFOfLVOoPV5D8Q2kApz3S52SyWL18X6gsEbGISKPTMqw%2BDw2Mq2E2evJX%2FnX%2BhHt5qG00fAlsR3G57V2%2BiBboAYaRdkx1rPAUjPXvWk%2FihUbAckuw3A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76afc5b01fa373df-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-144347007-1
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-144347007-1
IP
File type ASCII text, with very long lines (1921)
Hash 198264b4271ba569cd07136fa4124143
5996d6a89fcc6a5f3f9788d8bca0e944f9c920c0
22cceae71f33d76a5fb250c1988b4721843c6c2345574ff39e3ba4267416459e
GET /gtag/js?id=UA-144347007-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 16 Nov 2022 11:09:03 GMT
expires: Wed, 16 Nov 2022 11:09:03 GMT
cache-control: private, max-age=900
last-modified: Wed, 16 Nov 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43596
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=
200 OK 38 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=
IP
File type ASCII text, with very long lines (1921)
Hash 5e91a9ce7db6a8a949423364b197a4d2
ba60e16e79ebff041dcfc4ff140d3bb5debcfb41
80f8c4bcdc7887dd0804da6da62af9e78a0843862d359a111ab523fd0260dba1
GET /gtag/js?id= HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 16 Nov 2022 11:09:03 GMT
expires: Wed, 16 Nov 2022 11:09:03 GMT
cache-control: private, max-age=900
last-modified: Wed, 16 Nov 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 37465
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
2img.net/s/t/10/63/45/i_icon_mini_index.gif
200 OK 37 kB URL HTTP/2 2img.net/s/t/10/63/45/i_icon_mini_index.gif
IP
File type GIF image data, version 89a, 90 x 40\012- data
Hash c5db4cfb79c303cab8474937bb28cbbe
992d05b15cd47f3e564995886037a332b082144a
712bad829395ea4d734e57b0f04e7be9c049ed735290b871f431f468bccd3e77
GET /s/t/10/63/45/i_icon_mini_index.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: image/gif
content-length: 37149
last-modified: Wed, 27 Oct 2010 14:29:58 GMT
etag: "4cc83766-911d"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 93416
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FkAzFTp4uYi9rAmleFnl0mAcpniWjktUSOyz3xydDWP5pSokIH96tIOE%2FnOAfCGLj1FyQYq870iHUiCQUCij2KeqQYq6Sad3vr%2Bj5XUWkJstYEzFN4OQoZZ%2Blg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76afc5b01f9f73df-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/onyx/icon_minipost.gif
200 OK 123 B URL HTTP/2 2img.net/i/fa/onyx/icon_minipost.gif
IP
File type GIF image data, version 89a, 13 x 9\012- data
Hash aa8228d74277b9f62b121e890147f2ff
07cc94349e10bd67ac9528aa2253ab82413ef90c
680720ede87ae9d67b34e749086722e8e4936ead686685c0f1de87223d08bf4f
GET /i/fa/onyx/icon_minipost.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: image/gif
content-length: 123
last-modified: Mon, 16 May 2016 11:00:14 GMT
etag: "5739a83e-7b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 3467541
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WzfA0QgwbJZXKeJul8MXyqoEclhN6yLmYtvnstIxNr9uluVKrxsbeoq5pD%2FYP8NySGrQO72%2FGY5wUpj0lhX7kiB6GyIOlOR0He6AXrUxwI1DqrbyAXWYcamZiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76afc5b01fa673df-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 2316d2d43aee9525cdb65b3eb2ff53a0
cad4229071cf919cb3471632ac4924cfd1a97431
99d5cce0549dbb29351735d3e15f9cde16b2ca18c57581c8110b2c54998fa28d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
2img.net/s/t/10/63/45/i_icon_mini_login.gif
200 OK 37 kB URL HTTP/2 2img.net/s/t/10/63/45/i_icon_mini_login.gif
IP
File type GIF image data, version 89a, 90 x 40\012- data
Hash 569572af42b18305fd736b355e04b424
4ce746c4404f730610cfd516c0a987336d02da66
529a45ed8ef1da8a47b0b74fa6146782e183306aa0db959ae0bd7ba1b55d8810
GET /s/t/10/63/45/i_icon_mini_login.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: image/gif
content-length: 37068
last-modified: Wed, 27 Oct 2010 14:29:57 GMT
etag: "4cc83765-90cc"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 107929
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RFRVuP9pVhB1VSyL1RS786prAM49MW04nzi%2BAKkXDDaNlmmtgjZ38z39C%2BL7K3DUoNXKZ8UBJqo2yFw%2BccOD%2FNM%2BWZJMssDYz16rabLN9Qtsf1N5fuaX2oze2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76afc5b01fa073df-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/h/files.fatakat.com/2010/1/1264929220.gif
200 OK 26 kB URL HTTP/2 2img.net/h/files.fatakat.com/2010/1/1264929220.gif
IP
File type GIF image data, version 89a, 350 x 151\012- data
Hash 664b8c3e86f10be9153b4de9dff639d9
c73cc58467f1c256074fb4bc9372b91eb8a542ca
4b7ae4c1ab8f1fb3e817daeec03b67c88462a879a8e062de94ea24ece61208b2
GET /h/files.fatakat.com/2010/1/1264929220.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: image/gif
content-length: 26098
last-modified: Tue, 10 May 2016 07:40:45 GMT
etag: "5731907d-65f2"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 107928
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G2uFejELDQaugWMltn%2BE5WHFo1PwNOdYy0%2F66dbeIojq%2Fo1Zkw5UT1uMtXdB7D2DWJ3VinRi3f5OjZncna%2FsWxsyiYf42CcF6dZuQsinuEeQSQ%2BECYNYn%2B7J6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76afc5b01fa773df-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Cache-Control, Pragma, Last-Modified, ETag, Alert, Backoff, Content-Type, Retry-After, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 16 Nov 2022 10:25:01 GMT
cache-control: public,max-age=3600
age: 2642
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
2img.net/s/t/10/63/45/i_icon_mini_register.gif
200 OK 38 kB URL HTTP/2 2img.net/s/t/10/63/45/i_icon_mini_register.gif
IP
File type GIF image data, version 89a, 90 x 40\012- data
Hash 7d196ebb8a18af8a0823238d7fb7bb5d
c61069f4aebfc7100e50e85c6f620a7da57d94f2
e6ecf295db7aea550f4c771829ea613c10e1afd345e9f33a82ac515a06027684
GET /s/t/10/63/45/i_icon_mini_register.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: image/gif
content-length: 38333
last-modified: Wed, 27 Oct 2010 14:29:57 GMT
etag: "4cc83765-95bd"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 93416
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TSucbacBLI1Utp2ZK0iTy4%2BJ9YBN8MjBVfeuA5%2BlPadTQszEfdG%2BWF6oOQlU95bZrydGpv9F3O%2BrvPN3J4IRjx2CJaYzQmQtX%2Fj%2Bb3dEtiBHYj%2BlCgdF9o5JGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76afc5b01f9c73df-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash abdbaa56ac358c53c5dc3723c7671381
48c0e50792e786d83b35f0a36efb55f4c94c694d
6e9cb55f14b8219b7495ed4cd17bae3f0ca6127735ed01d3c1979601ffeb7b1c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 8345d8a2ca46c3b181a81d8626d0425f
5d9d088c5dca072bbc9ad23a15450e7af7829400
663b0e6c239177f35b5b48d4203ce95aabc0e5bab7911f5b1d9fb7624cac2e25
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5694
Cache-Control: max-age=171178
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:03 GMT
Etag: "6374a83b-1d7"
Expires: Fri, 18 Nov 2022 10:42:01 GMT
Last-Modified: Wed, 16 Nov 2022 09:07:07 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
pinkroose.yoo7.com/0-rtl.css
200 OK 55 kB URL HTTP/2 pinkroose.yoo7.com/0-rtl.css
IP
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash 573da41f52cc38b1ed510d90b47ea70e
7841f3e943b11000c90eabed1d2601522e0d63ad
78bc3e69ff1e829d5376de80fe0ad381c64020de6a9b4d66dd6f8a0caa534d92
GET /0-rtl.css HTTP/1.1
Host: pinkroose.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/t2107-topic
Cookie: exadd=166861
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: text/css
content-length: 54705
last-modified: Wed, 16 Nov 2022 00:00:00 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-ma: MISS
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.js
200 OK 42 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.js
IP
Hash 0f7638bdba34bff6e8d33a6121d275a8
63ff800b622c819c3d2aac202156b5be8adf1862
ba634de8d2c89eae3b1babf01aa7952e1cc592e1bc95423e81b67306bddc6700
GET /js/ld/publishertag.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: text/javascript
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
etag: W/"6356752f-1e444"
expires: Thu, 17 Nov 2022 11:09:03 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 889cc7c0813143ec5fc52752b0981130
936b7676bb262750e5499d0168f8e75c25cf3760
476d45d2548fbd8df2770c6bdfb2a7557d01ec07c5698d2c6a93a58d6c5a50d6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "476D45D2548FBD8DF2770C6BDFB2A7557D01EC07C5698D2C6A93A58D6C5A50D6"
Last-Modified: Sun, 13 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13305
Expires: Wed, 16 Nov 2022 14:50:48 GMT
Date: Wed, 16 Nov 2022 11:09:03 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 313 B IP
Hash 17e6999ad811515fb0ce54ee41c4880e
9ff8fa18312b4c66cd2c04b24a9bb36253f5a5ca
a1a827db6aec946a9ba526f38113fc27ed5406b1df08f66dc891086918157b9a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 162
Cache-Control: max-age=86424
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:03 GMT
Etag: "637372c5-139"
Expires: Thu, 17 Nov 2022 11:09:27 GMT
Last-Modified: Tue, 15 Nov 2022 11:06:45 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 313
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NHaFd3jql8XFg1VrsyS0Fw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KJKGxdoqDioy2Wwg9pmGArOc6SU=
stootsou.net/zone?pub=0&zone_id=2308013&is_mobile=false&domain=pinkroose.yoo7.com&var=&ymid=&var_3=
200 OK 758 B URL HTTP/2 stootsou.net/zone?pub=0&zone_id=2308013&is_mobile=false&domain=pinkroose.yoo7.com&var=&ymid=&var_3=
IP
File type JSON data\012- , ASCII text, with very long lines (757)
Hash cfaebf795dc619e2ab418e28eaa70c0a
589f61f4bd88ad229a5c27af9b44adbc5db943aa
94326e65961cf4be9109b5ae29f20bd832d8fa6feac82caf1773c886dadf65fc
Analyzer Verdict Alert quad9 Sinkholed
GET /zone?pub=0&zone_id=2308013&is_mobile=false&domain=pinkroose.yoo7.com&var=&ymid=&var_3= HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pinkroose.yoo7.com/
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: application/json; charset=utf-8
content-length: 758
x-trace-id: b6b67b19ed646f953586a2d0abaa8ba8
access-control-allow-origin: https://pinkroose.yoo7.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash 97b17c78c6d6fb52647dd455fe8f220e
476c85bc36b3debf22dd5b07d9349a7f12dd7d6e
2bdccc0f42817ef947d61ccf558212e24c3e5740f7e4af29b0acd1dd8a67f1f1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 416
Cache-Control: max-age=110469
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:03 GMT
Etag: "6373cfb4-139"
Expires: Thu, 17 Nov 2022 17:50:12 GMT
Last-Modified: Tue, 15 Nov 2022 17:43:16 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 313
dnacdn.net/dna
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:03 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=9_22lF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQnJiUGdTd29aRkVXRklqT0tkTTBYaVVRcFJkcG9QSk5uelBvWnJ4QktwNA; expires=Mon, 11 Dec 2023 11:09:03 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 284391
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 312 B IP
Hash 242c70f7156a35008b468bc53223656c
5bb7a82134f6da679ada7ade414ed3dd7d1e613c
f4160ff727a9717accc785cfd4e71a2f4b5b72a32a0d3e53dc02a97ffb30e2e7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2053
Cache-Control: max-age=170768
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:04 GMT
Etag: "6374b4db-138"
Expires: Fri, 18 Nov 2022 10:35:12 GMT
Last-Modified: Wed, 16 Nov 2022 10:00:59 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 312
ocsp.digicert.com/
200 OK 312 B IP
Hash 242c70f7156a35008b468bc53223656c
5bb7a82134f6da679ada7ade414ed3dd7d1e613c
f4160ff727a9717accc785cfd4e71a2f4b5b72a32a0d3e53dc02a97ffb30e2e7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2046
Cache-Control: max-age=170761
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:04 GMT
Etag: "6374b4db-138"
Expires: Fri, 18 Nov 2022 10:35:05 GMT
Last-Modified: Wed, 16 Nov 2022 10:00:59 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 312
cdn.taboola.com/libtrc/forumotion-ar/loader.js
200 OK 25 kB URL HTTP/2 cdn.taboola.com/libtrc/forumotion-ar/loader.js
IP
File type Unicode text, UTF-8 text, with very long lines (65498)
Hash 12e3f11f5c7a39662429c547b1f0aa85
86cd37e03036c92267f749a9b68f430632fbc354
a2c9cfbd943d10f5ecf49e03e4f65a87bd88ba52b7e5dad2da2c42b8c5d5f903
GET /libtrc/forumotion-ar/loader.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: qm005V9iB2dNEK5Wnk+NLzcdX6rSPAK+MTvnuanGUk72lRDL7CTrSJG4bIyhTSEPeshgUNCijUc=
x-amz-request-id: E93SE39F418BV8P0
last-modified: Tue, 15 Nov 2022 09:43:42 GMT
etag: "b8868fbd49a4476811909f0310af9bd2"
x-amz-version-id: Buabrv4ZIm_Xz2WU5pBdrdMj4DolqKyZ
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:04 GMT
via: 1.1 varnish
age: 55
x-served-by: cache-bma1632-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668596944.043202,VS0,VE1
cache-control: private,max-age=14401
vary: Accept-Encoding
abp: 38
content-length: 25261
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Wed, 16 Nov 2022 10:41:09 GMT
expires: Wed, 16 Nov 2022 12:41:09 GMT
cache-control: public, max-age=7200
age: 1675
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stootsou.net/custom
200 OK 1.8 kB IP
Hash 0e5f996e504b2ef8770db9e0506e8dc2
f7dc2b3b8c83c3674bf78b817d88e78c67428e0c
675fa8e91ff996041e69ea927af144474f9f9a9ef3a9185c95422b6e9dcf9afe
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://pinkroose.yoo7.com/
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 16 Nov 2022 11:09:04 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://pinkroose.yoo7.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
stootsou.net/custom
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://pinkroose.yoo7.com/
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 16 Nov 2022 11:09:04 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://pinkroose.yoo7.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a41a05f2ecd95a0860b06efc895cfab1
cef8280a176b9f987ac23519593460d96804b3db
548a87027ac7f505024bbfb6fe2d939ae733ccd1a6a4f0b48c1b5ff9fe01c884
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "548A87027AC7F505024BBFB6FE2D939AE733CCD1A6A4F0B48C1B5FF9FE01C884"
Last-Modified: Sun, 13 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4937
Expires: Wed, 16 Nov 2022 12:31:21 GMT
Date: Wed, 16 Nov 2022 11:09:04 GMT
Connection: keep-alive
cdn.viglink.com/api/vglnk.js
200 OK 29 kB URL HTTP/2 cdn.viglink.com/api/vglnk.js
IP
File type ASCII text, with very long lines (693)
Hash 072eaf64a771815874455704fca9301b
6c6226d00f14bb800cd4390b3cd42df941be43b1
bb35c8c300bd1acfe7ed86eb988f74ff2e8d86a4fb0409c5d78a890f9fd14b8e
GET /api/vglnk.js HTTP/1.1
Host: cdn.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
content-length: 28567
date: Thu, 10 Nov 2022 22:10:33 GMT
last-modified: Wed, 02 Dec 2020 18:57:12 GMT
etag: "072eaf64a771815874455704fca9301b"
cache-control: public, max-age=604800
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 d07f455dc14de1d5060686170d34b904.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: O-l-NcrmT7au34oaBTrsE02SiBtLSuln928rn-uCxXVhI1-ImqBc2A==
age: 478712
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?ptv=132&profileId=206&cb=6669902061
200 OK 159 B URL HTTP/2 bidder.criteo.com/cdb?ptv=132&profileId=206&cb=6669902061
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 5123262779282812f9afaa545e6d9754
4702e7ea6d81977eb9431dbace6ea83bb5bad29d
de2e49e836637527b14134ce75248f4a24675fc3293583694bcd546868f644ee
POST /cdb?ptv=132&profileId=206&cb=6669902061 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 567
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:03 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://pinkroose.yoo7.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 159
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
200 OK 77 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP
Hash 2175d88a7c9932e76ed61a17c33547c8
ff277d5d944ac8c4f5b5b8e6ef46fb9c25e5c561
00f8a4325490cd1ed2e9220582f2b36e55d5e47cd7a209cf15fe1b11f571748c
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 101560
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
stootsou.net/custom
200 OK 39 B IP
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert quad9 Sinkholed
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pinkroose.yoo7.com/
Content-Type: application/json
Origin: https://pinkroose.yoo7.com
Content-Length: 461
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 16 Nov 2022 11:09:04 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: f29a2f0fe3c3e6ecc5ef7bf3c0bc8673
access-control-allow-origin: https://pinkroose.yoo7.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
cdn.betgorebysson.club/apu.php?zoneid=3765907
200 OK 30 kB URL HTTP/2 cdn.betgorebysson.club/apu.php?zoneid=3765907
IP
Hash 39b748034078c482c012bcd4f103306e
08e6741f4f1d0620f00e137c707e3a2b9d1d674d
96d10f6ef631fc0aa482f89fd6a64a0160db108decdb00db475e48313301321e
Analyzer Verdict Alert fortinet Malware
GET /apu.php?zoneid=3765907 HTTP/1.1
Host: cdn.betgorebysson.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 16 Nov 2022 11:09:04 GMT
content-type: application/javascript
x-trace-id: d88ba6a555273c6782eadab2c5e7139a
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=3df2b87a9e7f42f6a3f673e531e5de85; expires=Thu, 16 Nov 2023 11:09:04 GMT; path=/; secure; SameSite=None
oaidts=1668596944; expires=Thu, 16 Nov 2023 11:09:04 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
200 OK 7.7 kB URL HTTP/2 gem.gbc.criteo.com/newidsd
IP
Hash cc21387afe84efcf564bb3912b594494
2a203d06f359ebfaab41a4084acc3692cdab8040
4fe4a6b576382f714dc31dde5b84ee7e33f4b69b4f7c1320b532706bb110689e
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:04 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 72453
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
pinkroose.yoo7.com/images/icons-180.png
200 OK 6.1 kB URL HTTP/2 pinkroose.yoo7.com/images/icons-180.png
IP
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 6bbc173a2c7add9b97ed5fe2dea15269
2e00950d0813a6d995784905a90c5eb2041f05ee
689c95c5a53fd85782d965279cafd0c06042391eca615fe7e7f799e1bae5cc82
GET /images/icons-180.png HTTP/1.1
Host: pinkroose.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/t2107-topic
Cookie: exadd=166861; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:04 GMT
content-type: image/png
content-length: 6055
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 16 Nov 2022 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
x-cache-ic: MISS
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 657b1ebd9afcde3ce9cf72abaef1b691
1a80eee05a05fe45873b20f879ed84a1610c1662
8a267039e06c9346d5966fa8dda84beedbba9352eb32af800af3e70a01b8d6d2
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 16 Nov 2022 11:09:04 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 14 Nov 2022 06:25:20 GMT
Expires: Mon, 21 Nov 2022 06:25:19 GMT
Etag: "1a80eee05a05fe45873b20f879ed84a1610c1662"
Cache-Control: max-age=414374,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76afc5b63b390af6-OSL
my.rtmark.net/gid.js?userId=3df2b87a9e7f42f6a3f673e531e5de85
200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=3df2b87a9e7f42f6a3f673e531e5de85
IP
File type JSON data\012- , ASCII text
Hash f6d769e4fd3cdf37462593cdb43be5cd
4799410c1ee99ea16005e51dfe71b616e72fdf8b
8d6254d3bf17475ed6b757766018202a6d1b66d6e0c084a4ae22947dd892ae94
GET /gid.js?userId=3df2b87a9e7f42f6a3f673e531e5de85 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 16 Nov 2022 11:09:04 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://pinkroose.yoo7.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=3df2b87a9e7f42f6a3f673e531e5de85; expires=Thu, 16 Nov 2023 11:09:04 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 78fda0786272bab7ed8ca951c64603b2
ade126b44cc781c55a21f3d411942d6ef9c376a2
54c1fad8e9c064305b5a2f0a1051a8ee9bdf28ff39d6c101984aa6116c9bd1b4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 16 Nov 2022 11:09:04 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 15 Nov 2022 01:33:17 GMT
Expires: Tue, 22 Nov 2022 01:33:16 GMT
Etag: "ade126b44cc781c55a21f3d411942d6ef9c376a2"
Cache-Control: max-age=483251,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76afc5b6bbd80af6-OSL
connect.topicit.net/scripts/connect.js
200 OK 1.3 kB URL HTTP/2 connect.topicit.net/scripts/connect.js
IP
File type ASCII text, with very long lines (615)
Hash 9bf810bfffb5cc1e6b11c9a7c7c95ac9
7001fc094142199de36fb47be0c3b4a629f3c074
dd19cc4c42baf0b8b0137ab5718a187873f722b8ec2ae18d7fcdfefc40598b21
GET /scripts/connect.js HTTP/1.1
Host: connect.topicit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=5437
access-control-allow-origin: *
etag: W/"5d653880-153d"
last-modified: Tue, 27 Aug 2019 14:04:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=86400
cf-cache-status: HIT
age: 1511
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1dWv%2BWXohaImTycENtmNnDvayP5ibuiYg0rhB4ogVUraq0DR406DQfdA5QHZzaFyY16BvDXHpMvYs9t5pk9oX2R%2FSJTXQz7JBBfPHA%2Bw68SasUPRLwqW38aWKP1LZ%2F9wb5Q4pn%2Fi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76afc5b29986b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/impl.20221115-5-RELEASE.js
200 OK 146 kB URL HTTP/2 cdn.taboola.com/libtrc/impl.20221115-5-RELEASE.js
IP
File type ASCII text, with very long lines (65509)
Size 146 kB (146354 bytes)
Hash 47b4d0e6e62e8a901d54fde220ded8ca
495bc11bd1db955aef533de81a38500e4623e305
30d6d1841ff142fbf99121c4be3fa4a0ed9a0fd1e18a999e6ba58c3833c13142
GET /libtrc/impl.20221115-5-RELEASE.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: K2cxos157GrJ3zFrlj+Qpmbnc1Qj4HYjnOOE6e/sB8/SN9o0HeuQLDFDNyPICuuCVkUfirzq2yY=
x-amz-request-id: TSRVQ4GNQDDE87A7
last-modified: Tue, 15 Nov 2022 09:42:52 GMT
etag: "47b4d0e6e62e8a901d54fde220ded8ca"
content-encoding: br
x-amz-version-id: 9r.kgH1oPA45.PJzSXwIRg_e6d5H1blb
content-type: application/javascript
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:04 GMT
via: 1.1 varnish
age: 5107
x-served-by: cache-bma1632-BMA
x-cache: HIT
x-cache-hits: 2618
x-timer: S1668596945.639652,VS0,VE0
cache-control: private,max-age=31536000
vary: Accept-Encoding
abp: 99
server: AmazonS3-br
content-length: 146354
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 68a04663a52ab4272c25f5afcc09a92d
48b0722227353d06cb1dfd4480b644be6e6fc030
892ba18611f372b6bf390d3628b66efc4a721f0f2bde61ae22546a0948935b7e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=2009715753.1668596943&jid=859335072&gjid=2033858914&_gid=546320303.1668596943&_u=YEBAAUAAAAAAACAAI~&z=1974472897
200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=2009715753.1668596943&jid=859335072&gjid=2033858914&_gid=546320303.1668596943&_u=YEBAAUAAAAAAACAAI~&z=1974472897
IP
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=2009715753.1668596943&jid=859335072&gjid=2033858914&_gid=546320303.1668596943&_u=YEBAAUAAAAAAACAAI~&z=1974472897 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://pinkroose.yoo7.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 16 Nov 2022 11:09:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 640a56fefbd4d5c465d71dc3b6bbb884
d98e46478032ef118a575bc5b840d1eafb0d314e
079cd049d9e3e2795e046a6ab614b3961916941d534efb5bc27dfca33e23ad5b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=166462
Date: Wed, 16 Nov 2022 11:09:04 GMT
Etag: "6374975a-1d7"
Expires: Fri, 18 Nov 2022 09:23:26 GMT
Last-Modified: Wed, 16 Nov 2022 07:55:06 GMT
Server: ECS (nyb/1D0C)
X-Cache: Miss from cloudfront
Via: 1.1 936c7ee6d0620cb8a766a50c04b3fa30.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: x80dc_W-xAPpSOGbOnL8ML-WWfJOad6yvur6tvvdMzbE_z7sSX_j5Q==
Age: 5300
bidder.criteo.com/csm/events
204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 320
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 16 Nov 2022 11:09:04 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://pinkroose.yoo7.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 68a04663a52ab4272c25f5afcc09a92d
48b0722227353d06cb1dfd4480b644be6e6fc030
892ba18611f372b6bf390d3628b66efc4a721f0f2bde61ae22546a0948935b7e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
api.viglink.com/api/ping
200 OK 259 B IP
File type ASCII text, with no line terminators
Hash ed31f2cdfea6f84311810ef547260ba0
909f425663d9f5b776facbbdfc7733bd03d0b21f
bf4b659b672ac9c9f39737877c43e8bc173d23859bed758a5b371bff647ee312
POST /api/ping HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 138
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://pinkroose.yoo7.com
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Wed, 16 Nov 2022 11:09:04 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 259
Connection: keep-alive
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-crto-bundle
Referer: https://pinkroose.yoo7.com/
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:04 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-headers: X-CRTO-SID, X-CRTO-IDCPY, X-CRTO-OPTOUT, X-CRTO-BUNDLE
access-control-allow-origin: https://pinkroose.yoo7.com
server-processing-duration-in-ticks: 636440
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
cdn.betgorebysson.club/?rb=qQ-2TyokFwAW_tEJ1QBVFBLHPXhBsGivFunBVYZpNoch1S3FcFwCt28xrn9hB7LrVK78c5P9L7IhrbmQU2lYnUOKqkGA6MiBKap3oIUfhhazS62utKR1uekE9UTTIbGS1UMP7o02V_FfU7tFRZXUr71k3nW7M-HNcbY_b4CngcZfNblKK6tfWMX0GGAqdFclhJbdgf7u7CTwtfZ5WaI82ZGk2rp6NnhOygMhO0xb4dASPWHq&request_ab2=0&zoneid=3765907&js_build=iclick-v1.448.3&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=1&pl=https%3A%2F%2Fpinkroose.yoo7.com%2Ft2107-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.448.3&bs=bba2eb25-8122-45a1-8bae-2ee6711b5274&userId=3df2b87a9e7f42f6a3f673e531e5de85&m=link
200 OK 1.7 kB URL HTTP/2 cdn.betgorebysson.club/?rb=qQ-2TyokFwAW_tEJ1QBVFBLHPXhBsGivFunBVYZpNoch1S3FcFwCt28xrn9hB7LrVK78c5P9L7IhrbmQU2lYnUOKqkGA6MiBKap3oIUfhhazS62utKR1uekE9UTTIbGS1UMP7o02V_FfU7tFRZXUr71k3nW7M-HNcbY_b4CngcZfNblKK6tfWMX0GGAqdFclhJbdgf7u7CTwtfZ5WaI82ZGk2rp6NnhOygMhO0xb4dASPWHq&request_ab2=0&zoneid=3765907&js_build=iclick-v1.448.3&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=1&pl=https%3A%2F%2Fpinkroose.yoo7.com%2Ft2107-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.448.3&bs=bba2eb25-8122-45a1-8bae-2ee6711b5274&userId=3df2b87a9e7f42f6a3f673e531e5de85&m=link
IP
File type JSON data\012- , ASCII text, with very long lines (2237), with no line terminators
Hash c861267bda18a680a4510f9626c62055
6c0232b8caa3e12ded03c5eecf3bc8eb47e8f92e
84fce6c6470e028ce80d71c3caf972b7fbdd5907157404e1f787e13645e03bc3
GET /?rb=qQ-2TyokFwAW_tEJ1QBVFBLHPXhBsGivFunBVYZpNoch1S3FcFwCt28xrn9hB7LrVK78c5P9L7IhrbmQU2lYnUOKqkGA6MiBKap3oIUfhhazS62utKR1uekE9UTTIbGS1UMP7o02V_FfU7tFRZXUr71k3nW7M-HNcbY_b4CngcZfNblKK6tfWMX0GGAqdFclhJbdgf7u7CTwtfZ5WaI82ZGk2rp6NnhOygMhO0xb4dASPWHq&request_ab2=0&zoneid=3765907&js_build=iclick-v1.448.3&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=1&pl=https%3A%2F%2Fpinkroose.yoo7.com%2Ft2107-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.448.3&bs=bba2eb25-8122-45a1-8bae-2ee6711b5274&userId=3df2b87a9e7f42f6a3f673e531e5de85&m=link HTTP/1.1
Host: cdn.betgorebysson.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pinkroose.yoo7.com/
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Cookie: OAID=3df2b87a9e7f42f6a3f673e531e5de85; oaidts=1668596944
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 16 Nov 2022 11:09:04 GMT
content-type: application/json
x-trace-id: 168bd159300ec0d810869b4b4baac98b
access-control-allow-origin: https://pinkroose.yoo7.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=3df2b87a9e7f42f6a3f673e531e5de85; expires=Thu, 16 Nov 2023 11:09:04 GMT; path=/; secure; SameSite=None
oaidts=1668596944; expires=Thu, 16 Nov 2023 11:09:04 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Wed, 23 Nov 2022 11:09:04 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A09%3A04.037&type=usage&msg=rtus&llvl=2&id=7025&cv=20221115-5-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
204 No Content 0 B URL HTTP/2 trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A09%3A04.037&type=usage&msg=rtus&llvl=2&id=7025&cv=20221115-5-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
IP
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=11%3A09%3A04.037&type=usage&msg=rtus&llvl=2&id=7025&cv=20221115-5-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Wed, 16 Nov 2022 11:09:04 GMT
x-fastly-to-nlb-rtt: 21983
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 3a9734f9f93c8158e73e4491e35f56bd
e57dc6ee66918ae45ce20c6dea942d2e786ff17c
171dfb208dfcaa849595e79c07f998833a5560ae06c736f9f4c45f445e121ada
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 5b80883a318b116e8b967c4e7c5fb219
4d7a8f63edad447a8b46f7816b950d90e01c7872
2b1bf5e0056b5d2dabc4a7ce5da47044293386d238e666abfa8c9c6d25da44aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
api.viglink.com/api/sync.js?key=74bad24252620514d1244cfba01f2ee2
200 OK 43 B URL HTTP/1.1 api.viglink.com/api/sync.js?key=74bad24252620514d1244cfba01f2ee2
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /api/sync.js?key=74bad24252620514d1244cfba01f2ee2 HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Content-Type: image/gif;charset=UTF-8
Date: Wed, 16 Nov 2022 11:09:04 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 43
Connection: keep-alive
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=2009715753.1668596943&jid=859335072&_u=YEBAAUAAAAAAACAAI~&z=1256373754
200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=2009715753.1668596943&jid=859335072&_u=YEBAAUAAAAAAACAAI~&z=1256373754
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=2009715753.1668596943&jid=859335072&_u=YEBAAUAAAAAAACAAI~&z=1256373754 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 16 Nov 2022 11:09:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=2009715753.1668596943&jid=859335072&_u=YEBAAUAAAAAAACAAI~&z=1256373754
200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=2009715753.1668596943&jid=859335072&_u=YEBAAUAAAAAAACAAI~&z=1256373754
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=2009715753.1668596943&jid=859335072&_u=YEBAAUAAAAAAACAAI~&z=1256373754 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 16 Nov 2022 11:09:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
api.viglink.com/api/sync.gif?key=74bad24252620514d1244cfba01f2ee2
200 OK 43 B URL HTTP/1.1 api.viglink.com/api/sync.gif?key=74bad24252620514d1244cfba01f2ee2
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /api/sync.gif?key=74bad24252620514d1244cfba01f2ee2 HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Content-Type: image/gif;charset=UTF-8
Date: Wed, 16 Nov 2022 11:09:04 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 43
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 3a9734f9f93c8158e73e4491e35f56bd
e57dc6ee66918ae45ce20c6dea942d2e786ff17c
171dfb208dfcaa849595e79c07f998833a5560ae06c736f9f4c45f445e121ada
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 9d9493125a22b98bd2ac3a1b11cc0a12
8334175b79551b1e0592f63eb606543c915983a2
a583076207a416f2ccbb70821bc5185bb6b8e86180221014638af5af3b34a7fa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stootsou.net/custom
200 OK 39 B IP
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert quad9 Sinkholed
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pinkroose.yoo7.com/
Content-Type: application/json
Origin: https://pinkroose.yoo7.com
Content-Length: 747
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 16 Nov 2022 11:09:05 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: ab1263cebb750d990ba58025c3ad83e3
access-control-allow-origin: https://pinkroose.yoo7.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
api.viglink.com/api/domains
200 OK 41 B URL HTTP/1.1 api.viglink.com/api/domains
IP
File type ASCII text, with no line terminators
Hash 9f3aa355474c883eca010430c34660f5
2bc34514d8e78570170b4acf66229b48d0e80fec
fe869139614babd18df04ecd94fbb72dd3403d4ebfc9296752e50414a611fc63
POST /api/domains HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 255
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://pinkroose.yoo7.com
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Wed, 16 Nov 2022 11:09:04 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 41
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9426341bb128c1b6ba16e64df78152b4
08859a30ed6dee233cde4d77f2a04f058991502b
209a0520d5fb1eeb6dfa7d2f4c334a7109cc885cf4be8605bfe5a8f52232306d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7914
Expires: Wed, 16 Nov 2022 13:20:59 GMT
Date: Wed, 16 Nov 2022 11:09:05 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9426341bb128c1b6ba16e64df78152b4
08859a30ed6dee233cde4d77f2a04f058991502b
209a0520d5fb1eeb6dfa7d2f4c334a7109cc885cf4be8605bfe5a8f52232306d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7914
Expires: Wed, 16 Nov 2022 13:20:59 GMT
Date: Wed, 16 Nov 2022 11:09:05 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9426341bb128c1b6ba16e64df78152b4
08859a30ed6dee233cde4d77f2a04f058991502b
209a0520d5fb1eeb6dfa7d2f4c334a7109cc885cf4be8605bfe5a8f52232306d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7914
Expires: Wed, 16 Nov 2022 13:20:59 GMT
Date: Wed, 16 Nov 2022 11:09:05 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9426341bb128c1b6ba16e64df78152b4
08859a30ed6dee233cde4d77f2a04f058991502b
209a0520d5fb1eeb6dfa7d2f4c334a7109cc885cf4be8605bfe5a8f52232306d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7914
Expires: Wed, 16 Nov 2022 13:20:59 GMT
Date: Wed, 16 Nov 2022 11:09:05 GMT
Connection: keep-alive
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
200 OK 9.3 kB URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP
Hash 4a70db868186bde1c310cead593cf66a
429241f9c039e69348479cda6f0ff048237a2116
1f13633322d4f4eb2466274e76937437431ccefb48b5b15b3e3ed8bae0d70dd5
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pinkroose.yoo7.com/
x-crto-bundle: 1wwiMl9vUWhkbUdrNEd2QXJiOFl5Z2lyMGkzSiUyQlk3MWxUbTljdHo4WUppcTUwOVljNDdlWGpvR25STiUyRmNlVVJVQUVhUzRwSzlPdTRQbjJyY09QSDZzb1QxVkJxUDZkMjZZcDg5MkVPQTJraUJubyUyQm1Ka3NIdzN4ZjZCOVk5bFpLYzNwQw
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:04 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://pinkroose.yoo7.com
server-processing-duration-in-ticks: 2113834
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F549ca16b-d2d0-45a9-850e-91164999caac.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F549ca16b-d2d0-45a9-850e-91164999caac.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 128129f63745c26d853b576607012d2b
3e2d1cd8d60c6c1c77e6a5ce164417490892cdeb
9efb7b49278d732d60560d50f41255ec0bce92f91cb16bee0f2eadf238dcf5aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F549ca16b-d2d0-45a9-850e-91164999caac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10630
x-amzn-requestid: f350f881-20b7-4895-8e5a-52ae0b57844d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqYEAEpNoAMF7-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637406e6-4cef387432b65d1b316e8f44;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:38:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KnboCtVzCl0yRLYJmbGOa2rVuNC13ZkTxtaoCkM3Vo65FCiE2t3e_g==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 15 Nov 2022 21:47:49 GMT
age: 48076
etag: "3e2d1cd8d60c6c1c77e6a5ce164417490892cdeb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=rtus&topUrl=pinkroose.yoo7.com
200 OK 11 kB URL HTTP/2 gum.criteo.com/syncframe?origin=rtus&topUrl=pinkroose.yoo7.com
IP
Hash 509d2aa99f388cfc9ec3e7b0d5895f8f
0bd90f96c081c2a334272a7743d7bc00a79a21f0
68cdf7234829bf9b8674e46f41e80c1a6ad20caa1dc480a334bcb0241b5408a4
GET /syncframe?origin=rtus&topUrl=pinkroose.yoo7.com HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:04 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=9632d98a-a104-4a6c-889a-3ae308030217; expires=Mon, 11 Dec 2023 11:09:04 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 575848
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 032386e5c9dffff1ba1ee5e8a322d438
dd4fd6c803a9b333bace9a541c6bd183d0c56bb9
0e9f559a0aa7e114c5810a27ba243c0da7b44dc0bf7aec2b7ab32b8f0e2b536c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11667
x-amzn-requestid: 4778d1bd-28c3-4665-89da-046e356087f0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bjyD1HE-oAMF0QQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637163b1-53c7330c5fd36d3c4d9e6aed;Sampled=0
x-amzn-remapped-date: Sun, 13 Nov 2022 21:37:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5zDWKjYmvVLCemXw5Swm2qkhw1mQtD5c07Fl7Krydo_XR5FFyHDu4Q==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 07:11:21 GMT
age: 14264
etag: "dd4fd6c803a9b333bace9a541c6bd183d0c56bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pinkroose.yoo7.com/?utm_source=pwa
200 OK 14 kB URL HTTP/2 pinkroose.yoo7.com/?utm_source=pwa
IP
Hash afa77a426ec15879c6b5aaa950b6d70d
d9e5912a67c4b5769d7acaf19aa12a4e5ba65ca6
f094de3cccaf1d491cca47378c1964b886de3b5b063bc1f509c9d55355d80fce
GET /?utm_source=pwa HTTP/1.1
Host: pinkroose.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pinkroose.yoo7.com/serviceworker.js
Connection: keep-alive
Cookie: exadd=166861; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: text/html; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache, no-store
pragma: no-cache
expires: Wed, 16 Nov 2022 00:00:00 GMT
last-modified: Wed, 16 Nov 2022 11:09:03 GMT
vary: User-Agent
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30efee28-35ab-4b55-b685-02cbd4c5c8c8.jpeg
200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30efee28-35ab-4b55-b685-02cbd4c5c8c8.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b31091803f98744f4da3b311467300a7
d829c5d23a494bc901d925dd02b84c470a0de479
c1cb88b82d8b5a82019da970f812cd31e13086c2da8498a21a57e7238aa34fe8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30efee28-35ab-4b55-b685-02cbd4c5c8c8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8971
x-amzn-requestid: b5dd68c5-7146-4d31-a7fd-4ac4c474119a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bnb6bGeyoAMFV9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6372d9dc-2ca4003e65d69039389bc676;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 00:14:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8TqIvhJUq_yG_iMFds_btqtYsrNzoaZeIQgOP0-Kc60yuQFOPYEXRA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 09:48:03 GMT
age: 4862
etag: "d829c5d23a494bc901d925dd02b84c470a0de479"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b00960f-2d08-4518-83c0-1d7f0f3c973c.jpeg
200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b00960f-2d08-4518-83c0-1d7f0f3c973c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 53d2d9380ba28ed0656b54c22bc56766
757f8e6306effbab70d99757c5672564cfc9f623
6d6c41527ae28cdce016470ec1eb87e0ed384f3ef721838724f29845f3bd8dac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b00960f-2d08-4518-83c0-1d7f0f3c973c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8990
x-amzn-requestid: cb142f4b-787e-4b3c-9d75-72579105db60
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqYFOHi8IAMFpDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637406ee-504a14105d2be58b1ce71c18;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:38:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GLJACvZUJjLdl3O2HUkWjgr7MqT_SRigTSdweSaTxUc-gTDULbYliA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 15 Nov 2022 22:14:18 GMT
age: 46487
etag: "757f8e6306effbab70d99757c5672564cfc9f623"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e399ef-c649-4728-84e9-6fea03ea9b5a.jpeg
200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e399ef-c649-4728-84e9-6fea03ea9b5a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ae0ab55e0e77a4265808a6689f25cbc3
187e6b340b43eb1aa0c724b749db7c20a486706a
3881e5ad44b9b2fae82510794af43d14e304ce624f26f66523f85d58fea063dc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e399ef-c649-4728-84e9-6fea03ea9b5a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9625
x-amzn-requestid: 9bd72b4a-2ac0-423f-b0e2-73fd51e02e97
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqYEBHTjIAMFvOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637406e6-57f5412d5eca6d640a0f590d;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:38:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: UavYBt2WjF4WCRJGtM2zS-dZinNLgs_0HuyORwaVCSlj-32Qd6sNTQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 google
date: Tue, 15 Nov 2022 22:09:56 GMT
age: 46749
etag: "187e6b340b43eb1aa0c724b749db7c20a486706a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Origin.FromBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1
200 OK 43 B URL HTTP/2 csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Origin.FromBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Origin.FromBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1 HTTP/1.1
Host: csm.nl.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:04 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1
200 OK 43 B URL HTTP/2 csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /iev?entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1 HTTP/1.1
Host: csm.nl.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:04 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/userx.20221115-5-RELEASE.es6.js
200 OK 5.4 kB URL HTTP/2 cdn.taboola.com/libtrc/userx.20221115-5-RELEASE.es6.js
IP
File type ASCII text, with very long lines (17842)
Hash 9202ce285b8c68d99bbfe57869634d03
d1dbc05806076119bd9a59fb284a0b5a91ad7c42
094e392acb41cafb4141c3e52e42c8fb11233ee589d28bfb6505976311f43df7
GET /libtrc/userx.20221115-5-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: QX+XCne6ruIkN9TF/B9ibDp3/Ixl6+7zI+8tv3UCk6YW2jM7iXrh9lpVI1bPvWxgY0s2RJoJESk=
x-amz-request-id: YJFQ1GB5RXK4BV2Y
x-amz-replication-status: PENDING
last-modified: Wed, 16 Nov 2022 10:31:11 GMT
etag: "70a560b5811be3e8f073fed2cdcc4b48"
x-amz-version-id: 5qxMZcHPLLlhcrmUUDGQLMc7aH5ZRx_b
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:05 GMT
via: 1.1 varnish
age: 2270
x-served-by: cache-bma1632-BMA
x-cache: HIT
x-cache-hits: 334
x-timer: S1668596945.353049,VS0,VE0
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 99
content-length: 5397
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=rtus&domain=yoo7.com&sn=FirefoxSyncframe&so=3&topUrl=pinkroose.yoo7.com&bundle=1wwiMl9vUWhkbUdrNEd2QXJiOFl5Z2lyMGkzSiUyQlk3MWxUbTljdHo4WUppcTUwOVljNDdlWGpvR25STiUyRmNlVVJVQUVhUzRwSzlPdTRQbjJyY09QSDZzb1QxVkJxUDZkMjZZcDg5MkVPQTJraUJubyUyQm1Ka3NIdzN4ZjZCOVk5bFpLYzNwQw&info=6WWKZF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQnJiUGdTd29aRkVXRklqT0tkTTBYalhDeCUyQjM0d3o3eDZTVDFtNW5Cb1pU&idsd=472902154,-30323248&cw=1&rtusCallerId=72&lsw=1
200 OK 30 kB URL HTTP/2 gum.criteo.com/sid/json?origin=rtus&domain=yoo7.com&sn=FirefoxSyncframe&so=3&topUrl=pinkroose.yoo7.com&bundle=1wwiMl9vUWhkbUdrNEd2QXJiOFl5Z2lyMGkzSiUyQlk3MWxUbTljdHo4WUppcTUwOVljNDdlWGpvR25STiUyRmNlVVJVQUVhUzRwSzlPdTRQbjJyY09QSDZzb1QxVkJxUDZkMjZZcDg5MkVPQTJraUJubyUyQm1Ka3NIdzN4ZjZCOVk5bFpLYzNwQw&info=6WWKZF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQnJiUGdTd29aRkVXRklqT0tkTTBYalhDeCUyQjM0d3o3eDZTVDFtNW5Cb1pU&idsd=472902154,-30323248&cw=1&rtusCallerId=72&lsw=1
IP
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash f6113c99ad7fb61a65491c49869dc5b4
43f65bb3d650ca488491f3eeec29e8959270897b
a07ee02139e82ccf84d23a00eb57c9ba2f286da8e5bba9f795e3c1548904fc8f
GET /sid/json?origin=rtus&domain=yoo7.com&sn=FirefoxSyncframe&so=3&topUrl=pinkroose.yoo7.com&bundle=1wwiMl9vUWhkbUdrNEd2QXJiOFl5Z2lyMGkzSiUyQlk3MWxUbTljdHo4WUppcTUwOVljNDdlWGpvR25STiUyRmNlVVJVQUVhUzRwSzlPdTRQbjJyY09QSDZzb1QxVkJxUDZkMjZZcDg5MkVPQTJraUJubyUyQm1Ka3NIdzN4ZjZCOVk5bFpLYzNwQw&info=6WWKZF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQnJiUGdTd29aRkVXRklqT0tkTTBYalhDeCUyQjM0d3o3eDZTVDFtNW5Cb1pU&idsd=472902154,-30323248&cw=1&rtusCallerId=72&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=rtus&topUrl=pinkroose.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:04 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 748560
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//kjocy.com/content/d4e277cd-90af-41bd-9575-90b48017f81f
200 OK 32 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//kjocy.com/content/d4e277cd-90af-41bd-9575-90b48017f81f
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7ee592f695692e07f54a27d08730f357
94f4e2152e67b775b8a4f0525707e1ee0c8d3c31
a2ca9aed6d228be0332f64fe2a7474956c0a99f6495cbd7364d40db2874abdcf
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//kjocy.com/content/d4e277cd-90af-41bd-9575-90b48017f81f HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 312267233194641621845013044607245934734,523272642140522660213979017363544863538,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 312267233194641621845013044607245934734,523272642140522660213979017363544863538,29ecf9b93bbf306179626feeda1fab70
etag: "51ecb51c608958178697399939457e94"
last-modified: Sun, 09 Oct 2022 10:52:23 GMT
req-referer: https://www.autoexpress.co.uk/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: b38e71642050dfc3cacc45c69479f43e
x-envoy-upstream-service-time: 1195
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:05 GMT
age: 2284528
x-served-by: cache-iad-kiad7000158-IAD, cache-iad-kiad7000107-IAD, cache-bur-kbur8200073-BUR, cache-iad-kcgs7200126-IAD, cache-bma1632-BMA
x-cache: MISS, HIT, HIT, MISS, HIT
x-cache-hits: 0, 4, 1, 0, 1
x-timer: S1668596945.386019,VS0,VE2
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//kjocy.com/content/d4e277cd-90af-41bd-9575-90b48017f81f
x-vcl-time-ms: 2
content-length: 32440
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//newsd.co/wp-content/uploads/2018/06/max_bemis_dog_reunion_featured.jpg
200 OK 5.7 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//newsd.co/wp-content/uploads/2018/06/max_bemis_dog_reunion_featured.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash cc61e79fa880b29bd02d9d4ac05513e7
3ae07a43665b58e9e7ed40d7aed24e6d97defe99
d83fce9443a49dd1ba92c80b15b1dbb0d0da39da8ee98251ff46cfc5eb402af8
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//newsd.co/wp-content/uploads/2018/06/max_bemis_dog_reunion_featured.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 628075739186185770034192555395206811955,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 628075739186185770034192555395206811955,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "4fce8a6bc1c9043c5786fe49516d59a1"
expiration: expiry-date="Thu, 29 Sep 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Mon, 29 Aug 2022 10:43:25 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 293
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:05 GMT
age: 5148618
x-served-by: cache-iad-kjyo7100110-IAD, cache-iad-kjyo7100031-IAD, cache-lga21973-LGA, cache-iad-kjyo7100129-IAD, cache-bma1632-BMA
x-cache: HIT, MISS, HIT, HIT, HIT
x-cache-hits: 1, 0, 1, 10, 244
x-timer: S1668596945.406636,VS0,VE0
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//newsd.co/wp-content/uploads/2018/06/max_bemis_dog_reunion_featured.jpg
x-vcl-time-ms: 0
content-length: 5686
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4e628667decd40b4cb57eed84e4140b9.png
200 OK 11 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4e628667decd40b4cb57eed84e4140b9.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 53fb51ac11a1713b315744d96769597b
77fc51ab2b4354582e710826eb4fac7f8765d39b
7d1cb4927e0fb2e1bdf1ccda6502cb1c94663691c9b47ec61724cf66079b1c0b
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4e628667decd40b4cb57eed84e4140b9.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 382031832680925622896310569721239805205,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 382031832680925622896310569721239805205,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "adbde424739ca9b122ec20d7f1a1b8b6"
last-modified: Tue, 11 Oct 2022 21:40:11 GMT
req-referer: https://weather.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 52690cf3b487200810365a131d65392c
x-envoy-upstream-service-time: 76
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:05 GMT
age: 2434867
x-served-by: cache-iad-kcgs7200035-IAD, cache-iad-kjyo7100020-IAD, cache-lga21925-LGA, cache-iad-kiad7000168-IAD, cache-bma1632-BMA
x-cache: HIT, HIT, MISS, HIT, HIT
x-cache-hits: 1, 1, 0, 7, 1
x-timer: S1668596945.409238,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4e628667decd40b4cb57eed84e4140b9.png
x-vcl-time-ms: 1
content-length: 10716
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//pfjfm.com/content/886bcb7c-f95a-4b24-8f54-f4d49ed18a3a
200 OK 6.6 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//pfjfm.com/content/886bcb7c-f95a-4b24-8f54-f4d49ed18a3a
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash d553415b8de46c185294a0fc8c318560
54da36d63091da4bfdb33f61406929ef1e3bbeaf
55c2bc3ff1f88ea5808f4b16a173325507f99284f8407a678ada0e785e552e11
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//pfjfm.com/content/886bcb7c-f95a-4b24-8f54-f4d49ed18a3a HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 552323046427513300638209235454780237072,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 552323046427513300638209235454780237072,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "ca01a6096cdbf6d7967b0a7261c219db"
last-modified: Tue, 18 Oct 2022 11:09:34 GMT
req-referer: https://www.i-programmer.info/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: a92a39bcba95d820701e2d6cb31c6062
x-envoy-upstream-service-time: 1577
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:05 GMT
age: 2402671
x-served-by: cache-iad-kjyo7100042-IAD, cache-iad-kiad7000059-IAD, cache-bur-kbur8200095-BUR, cache-iad-kiad7000150-IAD, cache-bma1632-BMA
x-cache: MISS, HIT, MISS, HIT, HIT
x-cache-hits: 0, 1, 0, 1, 1
x-timer: S1668596945.420380,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//pfjfm.com/content/886bcb7c-f95a-4b24-8f54-f4d49ed18a3a
x-vcl-time-ms: 1
content-length: 6634
X-Firefox-Spdy: h2
15.taboola.com/tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fpinkroose.yoo7.com%2Ft2107-topic&encoded=1&uid=7827ad37-af2c-4ba3-b780-39a568b216bd-tucta6e4a50&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1668596944643&tagid=&cntry=NO&platform=1&sesid=ce7ade4c16495626679fa467c25f2adc&itemid=/t2107-topic&viewid=1668596944040&geolat=&geoing=&deviceifa=&appid=&sd=v2_ce7ade4c16495626679fa467c25f2adc_7827ad37-af2c-4ba3-b780-39a568b216bd-tucta6e4a50_1668596944_1668596944_CNawjgYQ3pxDGKiZg4HIMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=23bfe768533321d8a006f999317ed729&appname=&cdb=&gdprApplies=true&rid=&sii=6178834178106002875&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=9043
200 OK 24 kB URL HTTP/2 15.taboola.com/tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fpinkroose.yoo7.com%2Ft2107-topic&encoded=1&uid=7827ad37-af2c-4ba3-b780-39a568b216bd-tucta6e4a50&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1668596944643&tagid=&cntry=NO&platform=1&sesid=ce7ade4c16495626679fa467c25f2adc&itemid=/t2107-topic&viewid=1668596944040&geolat=&geoing=&deviceifa=&appid=&sd=v2_ce7ade4c16495626679fa467c25f2adc_7827ad37-af2c-4ba3-b780-39a568b216bd-tucta6e4a50_1668596944_1668596944_CNawjgYQ3pxDGKiZg4HIMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=23bfe768533321d8a006f999317ed729&appname=&cdb=&gdprApplies=true&rid=&sii=6178834178106002875&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=9043
IP
Hash 8507cf6d624e47fc3cacdb7821ffcbfe
3e817ed1980a0ad45dc1f8e2891105e305b24760
25e2b736baca35c096259cc134d77c92da34b34b915266a0ea75684feea00cd7
GET /tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fpinkroose.yoo7.com%2Ft2107-topic&encoded=1&uid=7827ad37-af2c-4ba3-b780-39a568b216bd-tucta6e4a50&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1668596944643&tagid=&cntry=NO&platform=1&sesid=ce7ade4c16495626679fa467c25f2adc&itemid=/t2107-topic&viewid=1668596944040&geolat=&geoing=&deviceifa=&appid=&sd=v2_ce7ade4c16495626679fa467c25f2adc_7827ad37-af2c-4ba3-b780-39a568b216bd-tucta6e4a50_1668596944_1668596944_CNawjgYQ3pxDGKiZg4HIMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=23bfe768533321d8a006f999317ed729&appname=&cdb=&gdprApplies=true&rid=&sii=6178834178106002875&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=9043 HTTP/1.1
Host: 15.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
machineid: 1483
link: <https://am-wf.taboola.com>; rel=preconnect
xvid-debug: mrmr - :
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://pinkroose.yoo7.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:05 GMT
via: 1.1 varnish
x-served-by: cache-bma1632-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1668596945.392419,VS0,VE33
vary: Accept-Encoding
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f21/19/73/51/38/vente-10.jpg
200 OK 11 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f21/19/73/51/38/vente-10.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2042a6ae5431a6a0ae6778a926abe92b
cf32b74bc4f87c5f63d04af8dfe5681731ee7670
72fc20edd11e5ea67c6d543a25aabb21174b028dd73c0f943e81019a52e1c852
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f21/19/73/51/38/vente-10.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 352690306229506137798207407469809578240,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 352690306229506137798207407469809578240,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "1d87cb50171b3fd37fd4f565d4215e54"
last-modified: Fri, 02 Sep 2022 13:32:42 GMT
req-referer: https://wamdw.ahlamontada.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: aca97239202acbb05f0126a178d36274
x-envoy-upstream-service-time: 172
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:05 GMT
age: 5942091
x-served-by: cache-iad-kcgs7200085-IAD, cache-iad-kcgs7200052-IAD, cache-lga21964-LGA, cache-iad-kiad7000047-IAD, cache-bma1632-BMA
x-cache: HIT, HIT, MISS, HIT, HIT
x-cache-hits: 1, 1, 0, 178, 1
x-timer: S1668596945.438860,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f21/19/73/51/38/vente-10.jpg
x-vcl-time-ms: 1
content-length: 10792
X-Firefox-Spdy: h2
il-trc-events.taboola.com/forumotion-ar/log/3/bulk-metrics?route=AM%3AIL%3AV<i=deflated&bulkSize=2
204 No Content 0 B URL HTTP/2 il-trc-events.taboola.com/forumotion-ar/log/3/bulk-metrics?route=AM%3AIL%3AV<i=deflated&bulkSize=2
IP
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /forumotion-ar/log/3/bulk-metrics?route=AM%3AIL%3AV<i=deflated&bulkSize=2 HTTP/1.1
Host: il-trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1693
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Wed, 16 Nov 2022 11:09:05 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://pinkroose.yoo7.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
200 OK 86 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP
Hash 254b500d0eb4e58f40efa6aa15d902df
210629bfac0faedb3fd5893bb8c624ba1d614f59
79af6475c5dc9fcc6c81c5e47e32464ef38371e61ca36b2e50f6db5439ab4b0d
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:05 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 130120
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A09%3A04.678&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=1652&cv=20221115-5-RELEASE<=deflated&pct=1
204 No Content 0 B URL HTTP/2 il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A09%3A04.678&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=1652&cv=20221115-5-RELEASE<=deflated&pct=1
IP
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=11%3A09%3A04.678&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=1652&cv=20221115-5-RELEASE<=deflated&pct=1 HTTP/1.1
Host: il-trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Wed, 16 Nov 2022 11:09:05 GMT
x-fastly-to-nlb-rtt: 77921
access-control-allow-credentials: true
X-Firefox-Spdy: h2
am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7kBMCFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJDOxDFcr42KtMDmXa9FyOFlLXMvVWjKaWHbDlclkszmMQDITy3C1Mi7WCpNzuRYth5O1xLVcrSWjiWU3XJlMNpvDChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXi942r2Wv9_zsiv_ft9c43f7RZfFYLcW_Q1Pjx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmic-Xv_ZOfGiKiguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCAFBoL2ydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og4_ItTC7TxjEbLVezyWy2W84cptluY1nNLAuTx3tKweBd5l_mMH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgbTnYLk2e3VtgsG7do4vCsJb7hYK1ZLlyz4cSymE1MbtHrY3rYVqaFa7BFwQCOvUieFulEtRm5TBvfcLdYOFaz3Wbh2c1MhonHNrHMJq7ByCKWaE4W6UR22XdcvoXJZdo4ZqPlajaZzXbLmcM0220sq5llYfL4e8PJbmHy7NYKm2XjFk0cnrXENxysNcuFazacWBazickten1MD9vKtHAN9o3ZbLhazpaj0b4xmw1Xy9lyNNp36Azf1edsdAbHE4_LtPZMQyabw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6EWXxWC3Fv0NT49FLBGcLtKJ6GU8XdR_ZMjFXDmYiyZzxWq0SgAAAAAAAAAAS5gzbwIAAABwGshosBmu1nkgg-Vgt1wtFwDC2Uv3B-2OJZDSGmi36hdUHrehYbe48eMG81teb7_p6be7FZYrAzxQkzNv_kwQa7Va1gAAAALYAAAAAdy6eQvAZuL_____4wAAAGTk6AEAAMT3gZK4UeqFH7n4CXIw2gw!&cmcv=&pix=31589837&cb=1668596944969&uv=3241&tms=1668596944969&abt=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1668596941940!ts:1668596944969&mntl=2
200 OK 0 B URL HTTP/2 am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7kBMCFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJDOxDFcr42KtMDmXa9FyOFlLXMvVWjKaWHbDlclkszmMQDITy3C1Mi7WCpNzuRYth5O1xLVcrSWjiWU3XJlMNpvDChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXi942r2Wv9_zsiv_ft9c43f7RZfFYLcW_Q1Pjx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmic-Xv_ZOfGiKiguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCAFBoL2ydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og4_ItTC7TxjEbLVezyWy2W84cptluY1nNLAuTx3tKweBd5l_mMH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgbTnYLk2e3VtgsG7do4vCsJb7hYK1ZLlyz4cSymE1MbtHrY3rYVqaFa7BFwQCOvUieFulEtRm5TBvfcLdYOFaz3Wbh2c1MhonHNrHMJq7ByCKWaE4W6UR22XdcvoXJZdo4ZqPlajaZzXbLmcM0220sq5llYfL4e8PJbmHy7NYKm2XjFk0cnrXENxysNcuFazacWBazickten1MD9vKtHAN9o3ZbLhazpaj0b4xmw1Xy9lyNNp36Azf1edsdAbHE4_LtPZMQyabw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6EWXxWC3Fv0NT49FLBGcLtKJ6GU8XdR_ZMjFXDmYiyZzxWq0SgAAAAAAAAAAS5gzbwIAAABwGshosBmu1nkgg-Vgt1wtFwDC2Uv3B-2OJZDSGmi36hdUHrehYbe48eMG81teb7_p6be7FZYrAzxQkzNv_kwQa7Va1gAAAALYAAAAAdy6eQvAZuL_____4wAAAGTk6AEAAMT3gZK4UeqFH7n4CXIw2gw!&cmcv=&pix=31589837&cb=1668596944969&uv=3241&tms=1668596944969&abt=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1668596941940!ts:1668596944969&mntl=2
IP
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7kBMCFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJDOxDFcr42KtMDmXa9FyOFlLXMvVWjKaWHbDlclkszmMQDITy3C1Mi7WCpNzuRYth5O1xLVcrSWjiWU3XJlMNpvDChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXi942r2Wv9_zsiv_ft9c43f7RZfFYLcW_Q1Pjx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmic-Xv_ZOfGiKiguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCAFBoL2ydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og4_ItTC7TxjEbLVezyWy2W84cptluY1nNLAuTx3tKweBd5l_mMH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgbTnYLk2e3VtgsG7do4vCsJb7hYK1ZLlyz4cSymE1MbtHrY3rYVqaFa7BFwQCOvUieFulEtRm5TBvfcLdYOFaz3Wbh2c1MhonHNrHMJq7ByCKWaE4W6UR22XdcvoXJZdo4ZqPlajaZzXbLmcM0220sq5llYfL4e8PJbmHy7NYKm2XjFk0cnrXENxysNcuFazacWBazickten1MD9vKtHAN9o3ZbLhazpaj0b4xmw1Xy9lyNNp36Azf1edsdAbHE4_LtPZMQyabw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6EWXxWC3Fv0NT49FLBGcLtKJ6GU8XdR_ZMjFXDmYiyZzxWq0SgAAAAAAAAAAS5gzbwIAAABwGshosBmu1nkgg-Vgt1wtFwDC2Uv3B-2OJZDSGmi36hdUHrehYbe48eMG81teb7_p6be7FZYrAzxQkzNv_kwQa7Va1gAAAALYAAAAAdy6eQvAZuL_____4wAAAGTk6AEAAMT3gZK4UeqFH7n4CXIw2gw!&cmcv=&pix=31589837&cb=1668596944969&uv=3241&tms=1668596944969&abt=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1668596941940!ts:1668596944969&mntl=2 HTTP/1.1
Host: am-vid-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 16 Nov 2022 11:09:05 GMT
content-length: 0
X-Firefox-Spdy: h2
am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7a50CFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJObbjHy73WAtXPkGa9FoMnNLPA6LWzhbDlc2y2Q5M9mMQFIO18K52VjWksnCtRYtVw63cDQYuUU2425lGUx2G49jCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3esHT7rX8_Z6XXfn3--Yav9svuiwGu7Xob3h67AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFy0WMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQAgIEs0fBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5wpdKCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAxmXb2FymTaO2Wi5mk1ms91y5jDNdhvLamZZmDzeUwoG7zL_Mofp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBHmhpPdwuTZrRU2y8Ytmjg8a4lvOFhrlgvXbDixLGYTk1v0-pgetpVp4RpsUTCAYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WXfcfkWJpdp45iNlqvZZDbbLWcO02y3saxmloXJ4-8NJ7uFybNbK2yWjVs0cXjWEt9wsNYsF67ZcGJZzCYmt-j1MT1sK9PCNdg3ZrPhajlbjkb7xmw2XC1ny9Fo36EzfFefs9EZHE88LtPaMw2ZbA6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0ItlMbC7fbLjabDaTxci4MAxmM-dyuVnsVibfZDkRS5Smi3SiF10Wg91a9Dc8PRb1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq-UCQDh76f6g3bEEUloD7Vb9gsrjNjTsFjd-3GB-y-vtNz39drfCcmWAB2py5s2eCWKtVssaAABAABsAACCAWzdvAdiM3D5QEjdKvfAjFz9BDkabAQ!&cmcv=&pix=31589837&cb=1668596945001&uv=3241&tms=1668596945001&abt=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1668596941940!ts:1668596945001&mntl=2
200 OK 0 B URL HTTP/2 am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7a50CFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJObbjHy73WAtXPkGa9FoMnNLPA6LWzhbDlc2y2Q5M9mMQFIO18K52VjWksnCtRYtVw63cDQYuUU2425lGUx2G49jCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3esHT7rX8_Z6XXfn3--Yav9svuiwGu7Xob3h67AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFy0WMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQAgIEs0fBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5wpdKCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAxmXb2FymTaO2Wi5mk1ms91y5jDNdhvLamZZmDzeUwoG7zL_Mofp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBHmhpPdwuTZrRU2y8Ytmjg8a4lvOFhrlgvXbDixLGYTk1v0-pgetpVp4RpsUTCAYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WXfcfkWJpdp45iNlqvZZDbbLWcO02y3saxmloXJ4-8NJ7uFybNbK2yWjVs0cXjWEt9wsNYsF67ZcGJZzCYmt-j1MT1sK9PCNdg3ZrPhajlbjkb7xmw2XC1ny9Fo36EzfFefs9EZHE88LtPaMw2ZbA6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0ItlMbC7fbLjabDaTxci4MAxmM-dyuVnsVibfZDkRS5Smi3SiF10Wg91a9Dc8PRb1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq-UCQDh76f6g3bEEUloD7Vb9gsrjNjTsFjd-3GB-y-vtNz39drfCcmWAB2py5s2eCWKtVssaAABAABsAACCAWzdvAdiM3D5QEjdKvfAjFz9BDkabAQ!&cmcv=&pix=31589837&cb=1668596945001&uv=3241&tms=1668596945001&abt=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1668596941940!ts:1668596945001&mntl=2
IP
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7a50CFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJObbjHy73WAtXPkGa9FoMnNLPA6LWzhbDlc2y2Q5M9mMQFIO18K52VjWksnCtRYtVw63cDQYuUU2425lGUx2G49jCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3esHT7rX8_Z6XXfn3--Yav9svuiwGu7Xob3h67AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFy0WMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQAgIEs0fBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5wpdKCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAxmXb2FymTaO2Wi5mk1ms91y5jDNdhvLamZZmDzeUwoG7zL_Mofp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBHmhpPdwuTZrRU2y8Ytmjg8a4lvOFhrlgvXbDixLGYTk1v0-pgetpVp4RpsUTCAYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WXfcfkWJpdp45iNlqvZZDbbLWcO02y3saxmloXJ4-8NJ7uFybNbK2yWjVs0cXjWEt9wsNYsF67ZcGJZzCYmt-j1MT1sK9PCNdg3ZrPhajlbjkb7xmw2XC1ny9Fo36EzfFefs9EZHE88LtPaMw2ZbA6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0ItlMbC7fbLjabDaTxci4MAxmM-dyuVnsVibfZDkRS5Smi3SiF10Wg91a9Dc8PRb1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq-UCQDh76f6g3bEEUloD7Vb9gsrjNjTsFjd-3GB-y-vtNz39drfCcmWAB2py5s2eCWKtVssaAABAABsAACCAWzdvAdiM3D5QEjdKvfAjFz9BDkabAQ!&cmcv=&pix=31589837&cb=1668596945001&uv=3241&tms=1668596945001&abt=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1668596941940!ts:1668596945001&mntl=2 HTTP/1.1
Host: am-vid-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 16 Nov 2022 11:09:05 GMT
content-length: 0
X-Firefox-Spdy: h2
status.geotrust.com/
200 OK 471 B IP
Hash 96f34a2383f7e60fe8aaf4189d606e01
6f0f297a06714568016feb91e0cfefe23153c125
850178be92f3018d1c7818c69fd8a07402519e312fda10d955f1f5e5496f1578
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4425
Cache-Control: max-age=137862
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:05 GMT
Etag: "63742b0e-1d7"
Expires: Fri, 18 Nov 2022 01:26:47 GMT
Last-Modified: Wed, 16 Nov 2022 00:13:02 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
am-match.taboola.com/sync?dast=V7a50CFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJObbjHy73WAtXPkGa9FoMnNLPA6LWzhbDlc2y2Q5M9mMQFIO18K52VjWksnCtRYtVw63cDQYuUU2425lGUx2G49jCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3esHT7rX8_Z6XXfn3--Yav9svuiwGu7Xob3h67AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFy0WMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQAgIEs0fBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5wpdKCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAxmXb2FymTaO2Wi5mk1ms91y5jDNdhvLamZZmDzeUwoG7zL_Mofp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBHmhpPdwuTZrRU2y8Ytmjg8a4lvOFhrlgvXbDixLGYTk1v0-pgetpVp4RpsUTCAYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WXfcfkWJpdp45iNlqvZZDbbLWcO02y3saxmloXJ4-8NJ7uFybNbK2yWjVs0cXjWEt9wsNYsF67ZcGJZzCYmt-j1MT1sK9PCNdg3ZrPhajlbjkb7xmw2XC1ny9Fo36EzfFefs9EZHE88LtPaMw2ZbA6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0ItlMbC7fbLjabDaTxci4MAxmM-dyuVnsVibfZDkRS5Smi3SiF10Wg91a9Dc8PRb1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq-UCQDh76f6g3bEEUloD7Vb9gsrjNjTsFjd-3GB-y-vtNz39drfCcmWAB2py5s2eCWKtVssaAABAABsAACCAWzdvAdiM3D5QEjdKvfAjFz9BDkabAQ!&excid=22&docw=0&cijs=1&nlb=true
200 OK 1.6 kB URL HTTP/2 am-match.taboola.com/sync?dast=V7a50CFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJObbjHy73WAtXPkGa9FoMnNLPA6LWzhbDlc2y2Q5M9mMQFIO18K52VjWksnCtRYtVw63cDQYuUU2425lGUx2G49jCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3esHT7rX8_Z6XXfn3--Yav9svuiwGu7Xob3h67AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFy0WMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQAgIEs0fBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5wpdKCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAxmXb2FymTaO2Wi5mk1ms91y5jDNdhvLamZZmDzeUwoG7zL_Mofp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBHmhpPdwuTZrRU2y8Ytmjg8a4lvOFhrlgvXbDixLGYTk1v0-pgetpVp4RpsUTCAYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WXfcfkWJpdp45iNlqvZZDbbLWcO02y3saxmloXJ4-8NJ7uFybNbK2yWjVs0cXjWEt9wsNYsF67ZcGJZzCYmt-j1MT1sK9PCNdg3ZrPhajlbjkb7xmw2XC1ny9Fo36EzfFefs9EZHE88LtPaMw2ZbA6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0ItlMbC7fbLjabDaTxci4MAxmM-dyuVnsVibfZDkRS5Smi3SiF10Wg91a9Dc8PRb1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq-UCQDh76f6g3bEEUloD7Vb9gsrjNjTsFjd-3GB-y-vtNz39drfCcmWAB2py5s2eCWKtVssaAABAABsAACCAWzdvAdiM3D5QEjdKvfAjFz9BDkabAQ!&excid=22&docw=0&cijs=1&nlb=true
IP
ASN #200478 Taboola.com ltd
Hash 85dd67749bf02125cf33df4d0fc75518
9aa0f78eec470da2637dd9ccdcb6fc42ad13f7d7
cdcd167688e57eb292e2de734d22dbe6881c466287dc0fa0faf0c28a294e6417
GET /sync?dast=V7a50CFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJObbjHy73WAtXPkGa9FoMnNLPA6LWzhbDlc2y2Q5M9mMQFIO18K52VjWksnCtRYtVw63cDQYuUU2425lGUx2G49jCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3esHT7rX8_Z6XXfn3--Yav9svuiwGu7Xob3h67AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFy0WMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQAgIEs0fBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5wpdKCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAxmXb2FymTaO2Wi5mk1ms91y5jDNdhvLamZZmDzeUwoG7zL_Mofp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBHmhpPdwuTZrRU2y8Ytmjg8a4lvOFhrlgvXbDixLGYTk1v0-pgetpVp4RpsUTCAYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WXfcfkWJpdp45iNlqvZZDbbLWcO02y3saxmloXJ4-8NJ7uFybNbK2yWjVs0cXjWEt9wsNYsF67ZcGJZzCYmt-j1MT1sK9PCNdg3ZrPhajlbjkb7xmw2XC1ny9Fo36EzfFefs9EZHE88LtPaMw2ZbA6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0ItlMbC7fbLjabDaTxci4MAxmM-dyuVnsVibfZDkRS5Smi3SiF10Wg91a9Dc8PRb1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq-UCQDh76f6g3bEEUloD7Vb9gsrjNjTsFjd-3GB-y-vtNz39drfCcmWAB2py5s2eCWKtVssaAABAABsAACCAWzdvAdiM3D5QEjdKvfAjFz9BDkabAQ!&excid=22&docw=0&cijs=1&nlb=true HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 16 Nov 2022 11:09:05 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3407
X-Firefox-Spdy: h2
status.geotrust.com/
200 OK 471 B IP
Hash 96f34a2383f7e60fe8aaf4189d606e01
6f0f297a06714568016feb91e0cfefe23153c125
850178be92f3018d1c7818c69fd8a07402519e312fda10d955f1f5e5496f1578
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6063
Cache-Control: max-age=139500
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:05 GMT
Etag: "63742b0e-1d7"
Expires: Fri, 18 Nov 2022 01:54:05 GMT
Last-Modified: Wed, 16 Nov 2022 00:13:02 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
status.geotrust.com/
200 OK 471 B IP
Hash 96f34a2383f7e60fe8aaf4189d606e01
6f0f297a06714568016feb91e0cfefe23153c125
850178be92f3018d1c7818c69fd8a07402519e312fda10d955f1f5e5496f1578
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6536
Cache-Control: max-age=139973
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:05 GMT
Etag: "63742b0e-1d7"
Expires: Fri, 18 Nov 2022 02:01:58 GMT
Last-Modified: Wed, 16 Nov 2022 00:13:02 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
am-match.taboola.com/sync?dast=V7kBMCFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJDOxDFcr42KtMDmXa9FyOFlLXMvVWjKaWHbDlclkszmMQDITy3C1Mi7WCpNzuRYth5O1xLVcrSWjiWU3XJlMNpvDChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXi942r2Wv9_zsiv_ft9c43f7RZfFYLcW_Q1Pjx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmic-Xv_ZOfGiKiguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCAFBoL2ydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og4_ItTC7TxjEbLVezyWy2W84cptluY1nNLAuTx3tKweBd5l_mMH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgbTnYLk2e3VtgsG7do4vCsJb7hYK1ZLlyz4cSymE1MbtHrY3rYVqaFa7BFwQCOvUieFulEtRm5TBvfcLdYOFaz3Wbh2c1MhonHNrHMJq7ByCKWaE4W6UR22XdcvoXJZdo4ZqPlajaZzXbLmcM0220sq5llYfL4e8PJbmHy7NYKm2XjFk0cnrXENxysNcuFazacWBazickten1MD9vKtHAN9o3ZbLhazpaj0b4xmw1Xy9lyNNp36Azf1edsdAbHE4_LtPZMQyabw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6EWXxWC3Fv0NT49FLBGcLtKJ6GU8XdR_ZMjFXDmYiyZzxWq0SgAAAAAAAAAAS5gzbwIAAABwGshosBmu1nkgg-Vgt1wtFwDC2Uv3B-2OJZDSGmi36hdUHrehYbe48eMG81teb7_p6be7FZYrAzxQkzNv_kwQa7Va1gAAAALYAAAAAdy6eQvAZuL_____4wAAAGTk6AEAAMT3gZK4UeqFH7n4CXIw2gw!&excid=22&docw=0&cijs=1&nlb=false
200 OK 742 B URL HTTP/2 am-match.taboola.com/sync?dast=V7kBMCFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJDOxDFcr42KtMDmXa9FyOFlLXMvVWjKaWHbDlclkszmMQDITy3C1Mi7WCpNzuRYth5O1xLVcrSWjiWU3XJlMNpvDChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXi942r2Wv9_zsiv_ft9c43f7RZfFYLcW_Q1Pjx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmic-Xv_ZOfGiKiguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCAFBoL2ydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og4_ItTC7TxjEbLVezyWy2W84cptluY1nNLAuTx3tKweBd5l_mMH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgbTnYLk2e3VtgsG7do4vCsJb7hYK1ZLlyz4cSymE1MbtHrY3rYVqaFa7BFwQCOvUieFulEtRm5TBvfcLdYOFaz3Wbh2c1MhonHNrHMJq7ByCKWaE4W6UR22XdcvoXJZdo4ZqPlajaZzXbLmcM0220sq5llYfL4e8PJbmHy7NYKm2XjFk0cnrXENxysNcuFazacWBazickten1MD9vKtHAN9o3ZbLhazpaj0b4xmw1Xy9lyNNp36Azf1edsdAbHE4_LtPZMQyabw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6EWXxWC3Fv0NT49FLBGcLtKJ6GU8XdR_ZMjFXDmYiyZzxWq0SgAAAAAAAAAAS5gzbwIAAABwGshosBmu1nkgg-Vgt1wtFwDC2Uv3B-2OJZDSGmi36hdUHrehYbe48eMG81teb7_p6be7FZYrAzxQkzNv_kwQa7Va1gAAAALYAAAAAdy6eQvAZuL_____4wAAAGTk6AEAAMT3gZK4UeqFH7n4CXIw2gw!&excid=22&docw=0&cijs=1&nlb=false
IP
ASN #200478 Taboola.com ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (742), with no line terminators
Hash e212b134cabf80f8be66f676e09c0097
c6f5b87bdb324d5acc99af18d97d5d9835c65c7a
f4461fdc5512d2915f67a2b761cfd5ce1166d1f8dd0f07a571bf31eb1c7d0855
GET /sync?dast=V7kBMCFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJDOxDFcr42KtMDmXa9FyOFlLXMvVWjKaWHbDlclkszmMQDITy3C1Mi7WCpNzuRYth5O1xLVcrSWjiWU3XJlMNpvDChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXi942r2Wv9_zsiv_ft9c43f7RZfFYLcW_Q1Pjx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmic-Xv_ZOfGiKiguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCAFBoL2ydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og4_ItTC7TxjEbLVezyWy2W84cptluY1nNLAuTx3tKweBd5l_mMH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgbTnYLk2e3VtgsG7do4vCsJb7hYK1ZLlyz4cSymE1MbtHrY3rYVqaFa7BFwQCOvUieFulEtRm5TBvfcLdYOFaz3Wbh2c1MhonHNrHMJq7ByCKWaE4W6UR22XdcvoXJZdo4ZqPlajaZzXbLmcM0220sq5llYfL4e8PJbmHy7NYKm2XjFk0cnrXENxysNcuFazacWBazickten1MD9vKtHAN9o3ZbLhazpaj0b4xmw1Xy9lyNNp36Azf1edsdAbHE4_LtPZMQyabw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6EWXxWC3Fv0NT49FLBGcLtKJ6GU8XdR_ZMjFXDmYiyZzxWq0SgAAAAAAAAAAS5gzbwIAAABwGshosBmu1nkgg-Vgt1wtFwDC2Uv3B-2OJZDSGmi36hdUHrehYbe48eMG81teb7_p6be7FZYrAzxQkzNv_kwQa7Va1gAAAALYAAAAAdy6eQvAZuL_____4wAAAGTk6AEAAMT3gZK4UeqFH7n4CXIw2gw!&excid=22&docw=0&cijs=1&nlb=false HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 16 Nov 2022 11:09:05 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3402
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 16 Nov 2022 11:09:05 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=15d802c5-659f-11ed-81f3-141484330506; expires=Wed, 14-Dec-2022 11:09:05 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=15d802ff-659f-11ed-81f3-141484330506
X-fe: 2
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 16 Nov 2022 11:09:05 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=15d85523-659f-11ed-a5e3-1bce7de30506; expires=Wed, 14-Dec-2022 11:09:05 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=15d8555a-659f-11ed-a5e3-1bce7de30506
X-fe: 95
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=15d36bad-659f-11ed-afbf-13ae17dc0506
204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=15d36bad-659f-11ed-afbf-13ae17dc0506
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=15d36bad-659f-11ed-afbf-13ae17dc0506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 16 Nov 2022 11:09:05 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=15d82522-659f-11ed-8bd3-1a3cf9d10206; expires=Wed, 14-Dec-2022 11:09:05 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 55
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 16 Nov 2022 11:09:05 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=15d84802-659f-11ed-9511-1dbc55590506; expires=Wed, 14-Dec-2022 11:09:05 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=15d84871-659f-11ed-9511-1dbc55590506
X-fe: 97
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=15d802ff-659f-11ed-81f3-141484330506
204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=15d802ff-659f-11ed-81f3-141484330506
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=15d802ff-659f-11ed-81f3-141484330506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 16 Nov 2022 11:09:05 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=15dda7bb-659f-11ed-80bd-19bfd3920106; expires=Wed, 14-Dec-2022 11:09:05 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 52
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=15d8555a-659f-11ed-a5e3-1bce7de30506
204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=15d8555a-659f-11ed-a5e3-1bce7de30506
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=15d8555a-659f-11ed-a5e3-1bce7de30506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 16 Nov 2022 11:09:05 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=15ddb107-659f-11ed-a86b-1e87ce780306; expires=Wed, 14-Dec-2022 11:09:05 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 49
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=15d84871-659f-11ed-9511-1dbc55590506
204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=15d84871-659f-11ed-9511-1dbc55590506
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=15d84871-659f-11ed-9511-1dbc55590506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 16 Nov 2022 11:09:05 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=15ddee5c-659f-11ed-9fdb-18c6427b0406; expires=Wed, 14-Dec-2022 11:09:05 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 108
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
301 Moved Permanently 0 B URL HTTP/2 secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint= HTTP/1.1
Host: secure-assets.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
date: Wed, 16 Nov 2022 11:09:06 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsgccr3dvtlsca2020
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
Hash 4d7eaec63634c974724b0eeb1b33b413
1e3289e42e5e1a07f5b7f351f99315629ce5f776
c77fd80e88a502d7a214e3bff81bc137008aff913ea9ce6eb8229f64dcf1e54c
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 16 Nov 2022 11:09:06 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Sun, 20 Nov 2022 08:30:22 GMT
ETag: "1e3289e42e5e1a07f5b7f351f99315629ce5f776"
Last-Modified: Wed, 16 Nov 2022 08:30:23 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 551
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76afc5c09f15b4fa-OSL
ocsp.digicert.com/
200 OK 471 B IP
Hash 28fdacb00dd3f6ed84fa72022d97fcb6
438dc26bd3fe789bb0040a072c24d68728bd767e
be82127e2eb4d550987fce6056d2d6ee9414bbffc1d40c8c956a65df06f5fa41
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6504
Cache-Control: max-age=107505
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:06 GMT
Etag: "6373ac5b-1d7"
Expires: Thu, 17 Nov 2022 17:00:51 GMT
Last-Modified: Tue, 15 Nov 2022 15:12:27 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
IP
ASN #1299 Telia Company AB
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint= HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
ETag: "403b9-119-5ec73a0a33d00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 16 Nov 2022 11:09:06 GMT
Connection: keep-alive
Vary: Accept-Encoding
ups.analytics.yahoo.com/ups/58534/occ
302 Found 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58534/occ
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58534/occ HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 16 Nov 2022 11:09:06 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
location: https://ups.analytics.yahoo.com/ups/58534/occ?verify=true
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBNLEdGMCEDCORKOYy7i49I2mAqQkubQFEgEBAQEWdmN-YwAAAAAA_eMAAA&S=AQAAAiBgmi7SpT2Aye6BjMZ9F0w; Expires=Thu, 16 Nov 2023 17:09:06 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
eus.rubiconproject.com/usync.js
200 OK 10 kB URL HTTP/1.1 eus.rubiconproject.com/usync.js
IP
ASN #1299 Telia Company AB
File type ASCII text, with very long lines (18728)
Hash 3411aa8c96c3090048616a98b8f70969
4f97fc2e688dc3153f22b2a46226ba3fa6d72b6f
ae0e909887c1b005ab82b8568049b8ccabd99f7caefcf35a4fc473cd89ffd6ac
GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Wed, 16 Nov 2022 10:56:11 GMT
Content-Encoding: gzip
Content-Length: 10066
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=85572
Expires: Thu, 17 Nov 2022 10:55:18 GMT
Date: Wed, 16 Nov 2022 11:09:06 GMT
Connection: keep-alive
Vary: Accept-Encoding
eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
IP
ASN #1299 Telia Company AB
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint= HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
ETag: "403b9-119-5ec73a0a33d00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 16 Nov 2022 11:09:06 GMT
Connection: keep-alive
Vary: Accept-Encoding
match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:06 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
ups.analytics.yahoo.com/ups/58534/occ?verify=true
204 No Content 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58534/occ?verify=true
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58534/occ?verify=true HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 16 Nov 2022 11:09:06 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
strict-transport-security: max-age=31536000
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBNLEdGMCEAuaOI2m5UnJks19Wm732rQFEgEBAQEWdmN-YwAAAAAA_eMAAA&S=AQAAAmRB_F-vVj8Ko_ie52uoYx0; Expires=Thu, 16 Nov 2023 17:09:06 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 8e593926ef71f733d71bab3473a3f248
e6807bab890322b40b6b3dde93508383b0ef7e48
3f67b98bc47b5a54f529cc502f65fa80f8958f9c2329750fad937347d1e100f9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3913
Cache-Control: max-age=140581
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:06 GMT
Etag: "637437ae-1d7"
Expires: Fri, 18 Nov 2022 02:12:07 GMT
Last-Modified: Wed, 16 Nov 2022 01:06:54 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
pixel.rubiconproject.com/exchange/sync.php?p=15414&gdpr=1&us_privacy=1---&gdpr=1&us_privacy=1---
204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/exchange/sync.php?p=15414&gdpr=1&us_privacy=1---&gdpr=1&us_privacy=1---
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /exchange/sync.php?p=15414&gdpr=1&us_privacy=1---&gdpr=1&us_privacy=1--- HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 19600bc21eacf9565125744d917cac10
Content-Type: image/gif
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash aafc9ae4e4b0adc26185ea496107fbda
3ad6aae5269c97fad3081eaf617f33feb20ff205
6d813696b7e14b7eeda07dd4e63abce3ba79969ac63686db20a33714f6695bbb
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=113622
Date: Wed, 16 Nov 2022 11:09:06 GMT
Etag: "6373c8ae-1d7"
Expires: Thu, 17 Nov 2022 18:42:48 GMT
Last-Modified: Tue, 15 Nov 2022 17:13:18 GMT
Server: ECS (nyb/1D1F)
X-Cache: Miss from cloudfront
Via: 1.1 936c7ee6d0620cb8a766a50c04b3fa30.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: zf4vqbMuF5KXxHR3yv04_7col3w1qsPOhYsGkndntLiNUzy_JC23ZQ==
Age: 5370
cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=1&us_privacy=1---
302 Found 326 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=1&us_privacy=1---
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash b7935dc8845592ea78857bb810cd7130
5f497e1627a95df483b70b9436c9431d9ba384d9
2116c3bba5a4dfc09063000e6cefcb61c1e83f2c416370cdd88560aad68fe369
GET /pixel?google_nid=rubicon&google_cm&google_sc&gdpr=1&us_privacy=1--- HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&gdpr=1&us_privacy=1---&google_tc=
date: Wed, 16 Nov 2022 11:09:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 326
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 16-Nov-2022 11:24:06 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=1&us_privacy=1---
204 No Content 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=1&us_privacy=1---
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=2974&pt=n&a=1&gdpr=1&us_privacy=1--- HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 54ab5e55007c9747024b4f039df5ce6b
token.rubiconproject.com/token?pid=2249&pt=n&gdpr=1&us_privacy=1---
302 Found 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=2249&pt=n&gdpr=1&us_privacy=1---
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=2249&pt=n&gdpr=1&us_privacy=1--- HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 302 Found
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 54ab5e55007c9747024b4f039df5ce6b
Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=&gdpr=1&us_privacy=1---
content-length: 0
ocsp.digicert.com/
200 OK 471 B IP
Hash e55828c06eb123323bbd91db8aaa8e2d
a7af114090a031892f96a414d6fdd448cb1d5d72
2c46d1d10bc2d67548bd792da5e5a399a49ab487fc34ba28c8cad387bd5f60de
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4344
Cache-Control: max-age=162639
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 11:09:06 GMT
Etag: "63748c2a-1d7"
Expires: Fri, 18 Nov 2022 08:19:45 GMT
Last-Modified: Wed, 16 Nov 2022 07:07:22 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&gdpr=1&us_privacy=1---&google_tc=
200 OK 170 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&gdpr=1&us_privacy=1---&google_tc=
IP
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash e7673c60af825466f83d46da72ca1635
fc0fcbee0835709ba2d28798a612bfd687903fb5
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
GET /pixel?google_nid=rubicon&google_cm=&google_sc=&gdpr=1&us_privacy=1---&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
date: Wed, 16 Nov 2022 11:09:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=&gdpr=1&us_privacy=1---
302 Found 311 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=&gdpr=1&us_privacy=1---
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 69956e1dab0ec7b7cc2ce241988bc563
4a219bf0c65cecd2ec38827c744c6742d95fee72
f7fd2d5100b84e077766cc91221b4da3feef9501429330ca35e921ad5c6253e6
GET /pixel?google_nid=rubicon&google_hm=&gdpr=1&us_privacy=1--- HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=&gdpr=1&us_privacy=1---&google_tc=
date: Wed, 16 Nov 2022 11:09:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 311
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 16-Nov-2022 11:24:06 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ad.turn.com/r/cs?pid=6&gdpr=1&us_privacy=1---
302 Found 0 B URL HTTP/2 ad.turn.com/r/cs?pid=6&gdpr=1&us_privacy=1---
IP
ASN #56396 Amobee EMEA Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /r/cs?pid=6&gdpr=1&us_privacy=1--- HTTP/1.1
Host: ad.turn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma: no-cache
set-cookie: uid=9093646931641448482; Domain=.turn.com; Expires=Mon, 15-May-2023 11:09:06 GMT; Path=/; Secure; SameSite=None
location: https://pixel.rubiconproject.com/tap.php?v=4212&nid=1185&put=9093646931641448482&expires=60&gdpr=1&gdpr_consent=
content-length: 0
date: Wed, 16 Nov 2022 11:09:06 GMT
X-Firefox-Spdy: h2
aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---
302 Found 0 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1--- HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: Server
Date: Wed, 16 Nov 2022 11:09:06 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: ZVXCT7SG5SJA6KWJJZEH
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---&dcc=t
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
200 OK 213 B URL HTTP/2 taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 8e2968d615f38d79a906cf7acf6ab8e6
d9ff768ed1882c3a129050408f0727feae0bec38
ca65ed4fa9207a062775b16496e1fd65c15bc20b10c323a5ff3cb3d4e44ab540
GET /sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo HTTP/1.1
Host: taboola-supply-partners.tremorhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:06 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2
pixel.rubiconproject.com/tap.php?v=4212&nid=1185&put=9093646931641448482&expires=60&gdpr=1&gdpr_consent=
204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=4212&nid=1185&put=9093646931641448482&expires=60&gdpr=1&gdpr_consent=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=4212&nid=1185&put=9093646931641448482&expires=60&gdpr=1&gdpr_consent= HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 19600bc21eacf9565125744d917cac10
Content-Type: image/gif
aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---&dcc=t
200 OK 43 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---&dcc=t
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6851dbf491ae442da3314f19e8aff085
ecfec27263608c4ae7cd4f8e0cebb1b061df2ac3
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
GET /s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---&dcc=t HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Server
Date: Wed, 16 Nov 2022 11:09:06 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: DPJE27PH4PTZ23QP6KNQ
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
200 OK 254 B URL HTTP/2 cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
IP
File type PNG image data, 12 x 12, 8-bit gray+alpha, non-interlaced\012- data
Hash dfa7b52c86e56bd67fa4002f6ed19854
7df722645482433c2b5c8d8ab4272a9874592f27
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
GET /libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: c3AK0F63Rmz1U+ZkwDZRH6hJiJRTGpZB8kTBPWz0vwbg9siBxtMOH8aEqr1NtVeNHtLhLAVUR9E=
x-amz-request-id: 4JKSR0YA3KVH073N
x-amz-replication-status: COMPLETED
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
content-type: image/png
server: AmazonS3
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:06 GMT
via: 1.1 varnish
age: 13017
x-served-by: cache-bma1632-BMA
x-cache: HIT
x-cache-hits: 1567
x-timer: S1668596946.418983,VS0,VE0
cache-control: private,max-age=31536000
abp: 99
content-length: 254
X-Firefox-Spdy: h2
trc.taboola.com/forumotion-ar/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=2
204 No Content 0 B URL HTTP/2 trc.taboola.com/forumotion-ar/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=2
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /forumotion-ar/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 4505
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://pinkroose.yoo7.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:06 GMT
via: 1.1 varnish
x-served-by: cache-bma1632-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1668596946.383175,VS0,VE86
x-vcl-time-ms: 86
X-Firefox-Spdy: h2
trc.taboola.com/forumotion-ar/log/3/visible?route=AM%3AIL%3AV<i=deflated
204 No Content 0 B URL HTTP/2 trc.taboola.com/forumotion-ar/log/3/visible?route=AM%3AIL%3AV<i=deflated
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /forumotion-ar/log/3/visible?route=AM%3AIL%3AV<i=deflated HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2382
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://pinkroose.yoo7.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:06 GMT
via: 1.1 varnish
x-served-by: cache-bma1632-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1668596946.404662,VS0,VE79
x-vcl-time-ms: 79
X-Firefox-Spdy: h2
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash 0329354e08b62395bc0afcfce050617d
d2250916d2b2fbd67fa023332d6217c5614c75f1
9a3f342eb931dd3adbb3b4ef99f85589da75bb10781a1998c017b10753eae763
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 16 Nov 2022 11:09:06 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 15 Nov 2022 20:08:42 GMT
Expires: Wed, 16 Nov 2022 20:08:42 GMT
ETag: "d2250916d2b2fbd67fa023332d6217c5614c75f1"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1668596944981&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-1185685602&tz=0&viewable=true&ddast=V7kBMCFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJDOxDFcr42KtMDmXa9FyOFlLXMvVWjKaWHbDlclkszmMQDITy3C1Mi7WCpNzuRYth5O1xLVcrSWjiWU3XJlMNpvDChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXi942r2Wv9_zsiv_ft9c43f7RZfFYLcW_Q1Pjx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmic-Xv_ZOfGiKiguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCAFBoL2ydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og4_ItTC7TxjEbLVezyWy2W84cptluY1nNLAuTx3tKweBd5l_mMH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgbTnYLk2e3VtgsG7do4vCsJb7hYK1ZLlyz4cSymE1MbtHrY3rYVqaFa7BFwQCOvUieFulEtRm5TBvfcLdYOFaz3Wbh2c1MhonHNrHMJq7ByCKWaE4W6UR22XdcvoXJZdo4ZqPlajaZzXbLmcM0220sq5llYfL4e8PJbmHy7NYKm2XjFk0cnrXENxysNcuFazacWBazickten1MD9vKtHAN9o3ZbLhazpaj0b4xmw1Xy9lyNNp36Azf1edsdAbHE4_LtPZMQyabw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6EWXxWC3Fv0NT49FLBGcLtKJ6GU8XdR_ZMjFXDmYiyZzxWq0SgAAAAAAAAAAS5gzbwIAAABwGshosBmu1nkgg-Vgt1wtFwDC2Uv3B-2OJZDSGmi36hdUHrehYbe48eMG81teb7_p6be7FZYrAzxQkzNv_kwQa7Va1gAAAALYAAAAAdy6eQvAZuL_____4wAAAGTk6AEAAMT3gZK4UeqFH7n4CXIw2gw!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=2&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&mPre=0.025&cirf=https%3A%2F%2Fpinkroose.yoo7.com&en=1
200 OK 495 B URL HTTP/2 wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1668596944981&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-1185685602&tz=0&viewable=true&ddast=V7kBMCFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJDOxDFcr42KtMDmXa9FyOFlLXMvVWjKaWHbDlclkszmMQDITy3C1Mi7WCpNzuRYth5O1xLVcrSWjiWU3XJlMNpvDChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXi942r2Wv9_zsiv_ft9c43f7RZfFYLcW_Q1Pjx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmic-Xv_ZOfGiKiguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCAFBoL2ydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og4_ItTC7TxjEbLVezyWy2W84cptluY1nNLAuTx3tKweBd5l_mMH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgbTnYLk2e3VtgsG7do4vCsJb7hYK1ZLlyz4cSymE1MbtHrY3rYVqaFa7BFwQCOvUieFulEtRm5TBvfcLdYOFaz3Wbh2c1MhonHNrHMJq7ByCKWaE4W6UR22XdcvoXJZdo4ZqPlajaZzXbLmcM0220sq5llYfL4e8PJbmHy7NYKm2XjFk0cnrXENxysNcuFazacWBazickten1MD9vKtHAN9o3ZbLhazpaj0b4xmw1Xy9lyNNp36Azf1edsdAbHE4_LtPZMQyabw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6EWXxWC3Fv0NT49FLBGcLtKJ6GU8XdR_ZMjFXDmYiyZzxWq0SgAAAAAAAAAAS5gzbwIAAABwGshosBmu1nkgg-Vgt1wtFwDC2Uv3B-2OJZDSGmi36hdUHrehYbe48eMG81teb7_p6be7FZYrAzxQkzNv_kwQa7Va1gAAAALYAAAAAdy6eQvAZuL_____4wAAAGTk6AEAAMT3gZK4UeqFH7n4CXIw2gw!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=2&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&mPre=0.025&cirf=https%3A%2F%2Fpinkroose.yoo7.com&en=1
IP
File type ASCII text, with very long lines (1332), with no line terminators
Hash a645cb903a6590249cff73eecf64da66
af819135ed3f786583aae534a3f929ecf9394d9d
81aaa0c197fd31f8bbd5ec5a4bb632f612caddf8e80f39493ae17c1b8b907120
POST /VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1668596944981&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-1185685602&tz=0&viewable=true&ddast=V7kBMCFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJDOxDFcr42KtMDmXa9FyOFlLXMvVWjKaWHbDlclkszmMQDITy3C1Mi7WCpNzuRYth5O1xLVcrSWjiWU3XJlMNpvDChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXi942r2Wv9_zsiv_ft9c43f7RZfFYLcW_Q1Pjx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmic-Xv_ZOfGiKiguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCAFBoL2ydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og4_ItTC7TxjEbLVezyWy2W84cptluY1nNLAuTx3tKweBd5l_mMH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgbTnYLk2e3VtgsG7do4vCsJb7hYK1ZLlyz4cSymE1MbtHrY3rYVqaFa7BFwQCOvUieFulEtRm5TBvfcLdYOFaz3Wbh2c1MhonHNrHMJq7ByCKWaE4W6UR22XdcvoXJZdo4ZqPlajaZzXbLmcM0220sq5llYfL4e8PJbmHy7NYKm2XjFk0cnrXENxysNcuFazacWBazickten1MD9vKtHAN9o3ZbLhazpaj0b4xmw1Xy9lyNNp36Azf1edsdAbHE4_LtPZMQyabw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6EWXxWC3Fv0NT49FLBGcLtKJ6GU8XdR_ZMjFXDmYiyZzxWq0SgAAAAAAAAAAS5gzbwIAAABwGshosBmu1nkgg-Vgt1wtFwDC2Uv3B-2OJZDSGmi36hdUHrehYbe48eMG81teb7_p6be7FZYrAzxQkzNv_kwQa7Va1gAAAALYAAAAAdy6eQvAZuL_____4wAAAGTk6AEAAMT3gZK4UeqFH7n4CXIw2gw!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=2&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&mPre=0.025&cirf=https%3A%2F%2Fpinkroose.yoo7.com&en=1 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 133
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1475
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://pinkroose.yoo7.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:05 GMT
via: 1.1 varnish
x-served-by: cache-bma1632-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1668596946.753694,VS0,VE127
vary: Accept-Encoding
X-Firefox-Spdy: h2
cdn.taboola.com/scripts/cds-pips.js
200 OK 1.3 kB URL HTTP/2 cdn.taboola.com/scripts/cds-pips.js
IP
File type ASCII text, with very long lines (3545), with no line terminators
Hash 780c5c514014519ce276709f515905a0
04fe86d00b9c9077effe05171d066d243ecab221
015db06150b62ad2ad533883652174ebb6f07e24a7147fdac01a0ccd266e3f30
GET /scripts/cds-pips.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 2KBeU0d7OyPXtZDYUoIqlTBmhGhsve90tjYoemCxISjKQrNgcxT28sPXVt5KfJt+6r7dFoJgA8g=
x-amz-request-id: NFWGDQGY1WQ95XHE
x-amz-replication-status: COMPLETED
last-modified: Wed, 12 Oct 2022 13:57:57 GMT
etag: "383fa66d2a0a09f4a6e64a9593ad43bb"
x-amz-version-id: z5FoayaLm_Bvew3pbkytkoHczFCvkPwT
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:07 GMT
via: 1.1 varnish
age: 375
x-served-by: cache-bma1632-BMA
x-cache: HIT
x-cache-hits: 476
x-timer: S1668596947.326006,VS0,VE0
vary: Accept-Encoding
abp: 99
cache-control: private, max-age=3600
content-length: 1340
X-Firefox-Spdy: h2
cm.adgrx.com/bridge?AG_SETCOOKIE&AG_PID=rubicon&gdpr=1&us_privacy=1---
200 OK 43 B URL HTTP/2 cm.adgrx.com/bridge?AG_SETCOOKIE&AG_PID=rubicon&gdpr=1&us_privacy=1---
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /bridge?AG_SETCOOKIE&AG_PID=rubicon&gdpr=1&us_privacy=1--- HTTP/1.1
Host: cm.adgrx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:07 GMT
content-type: image/gif
content-length: 43
server: Cowboy
x-realserver-nx: ams-delivery-2
cache-control: no-cache, no-store, must-revalidate, proxy-revalidate
pragma: no-cache
expires: Thu, 23 Sep 2004 17:42:04 GMT
p3p: CP="NOI OTC OTP OUR NOR"
access-control-allow-origin: *
X-Firefox-Spdy: h2
imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7a50CFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJObbjHy73WAtXPkGa9FoMnNLPA6LWzhbDlc2y2Q5M9mMQFIO18K52VjWksnCtRYtVw63cDQYuUU2425lGUx2G49jCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3esHT7rX8_Z6XXfn3--Yav9svuiwGu7Xob3h67AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFy0WMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQAgIEs0fBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5wpdKCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAxmXb2FymTaO2Wi5mk1ms91y5jDNdhvLamZZmDzeUwoG7zL_Mofp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBHmhpPdwuTZrRU2y8Ytmjg8a4lvOFhrlgvXbDixLGYTk1v0-pgetpVp4RpsUTCAYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WXfcfkWJpdp45iNlqvZZDbbLWcO02y3saxmloXJ4-8NJ7uFybNbK2yWjVs0cXjWEt9wsNYsF67ZcGJZzCYmt-j1MT1sK9PCNdg3ZrPhajlbjkb7xmw2XC1ny9Fo36EzfFefs9EZHE88LtPaMw2ZbA6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0ItlMbC7fbLjabDaTxci4MAxmM-dyuVnsVibfZDkRS5Smi3SiF10Wg91a9Dc8PRb1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq-UCQDh76f6g3bEEUloD7Vb9gsrjNjTsFjd-3GB-y-vtNz39drfCcmWAB2py5s2eCWKtVssaAABAABsAACCAWzdvAdiM3D5QEjdKvfAjFz9BDkabAQ!&cmcv=&pix=undefined&cb=1668596945002&uv=3241&tms=1668596945002&abt=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=f73d7770-8e70-442f-bcab-8698ef229fdf&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
200 OK 1.0 kB URL HTTP/2 imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7a50CFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJObbjHy73WAtXPkGa9FoMnNLPA6LWzhbDlc2y2Q5M9mMQFIO18K52VjWksnCtRYtVw63cDQYuUU2425lGUx2G49jCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3esHT7rX8_Z6XXfn3--Yav9svuiwGu7Xob3h67AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFy0WMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQAgIEs0fBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5wpdKCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAxmXb2FymTaO2Wi5mk1ms91y5jDNdhvLamZZmDzeUwoG7zL_Mofp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBHmhpPdwuTZrRU2y8Ytmjg8a4lvOFhrlgvXbDixLGYTk1v0-pgetpVp4RpsUTCAYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WXfcfkWJpdp45iNlqvZZDbbLWcO02y3saxmloXJ4-8NJ7uFybNbK2yWjVs0cXjWEt9wsNYsF67ZcGJZzCYmt-j1MT1sK9PCNdg3ZrPhajlbjkb7xmw2XC1ny9Fo36EzfFefs9EZHE88LtPaMw2ZbA6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0ItlMbC7fbLjabDaTxci4MAxmM-dyuVnsVibfZDkRS5Smi3SiF10Wg91a9Dc8PRb1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq-UCQDh76f6g3bEEUloD7Vb9gsrjNjTsFjd-3GB-y-vtNz39drfCcmWAB2py5s2eCWKtVssaAABAABsAACCAWzdvAdiM3D5QEjdKvfAjFz9BDkabAQ!&cmcv=&pix=undefined&cb=1668596945002&uv=3241&tms=1668596945002&abt=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=f73d7770-8e70-442f-bcab-8698ef229fdf&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
IP
Hash 7761597dee597aead72a23bf6de829cd
310d17dbfb14309a542f73c3a070f0467c848086
a7ee2ad710217ad7a74fcee2383d428bae804bedf206d0c2b1aea0f4c992db9e
GET /st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7a50CFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJObbjHy73WAtXPkGa9FoMnNLPA6LWzhbDlc2y2Q5M9mMQFIO18K52VjWksnCtRYtVw63cDQYuUU2425lGUx2G49jCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3esHT7rX8_Z6XXfn3--Yav9svuiwGu7Xob3h67AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFy0WMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQAgIEs0fBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5wpdKCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAxmXb2FymTaO2Wi5mk1ms91y5jDNdhvLamZZmDzeUwoG7zL_Mofp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBHmhpPdwuTZrRU2y8Ytmjg8a4lvOFhrlgvXbDixLGYTk1v0-pgetpVp4RpsUTCAYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WXfcfkWJpdp45iNlqvZZDbbLWcO02y3saxmloXJ4-8NJ7uFybNbK2yWjVs0cXjWEt9wsNYsF67ZcGJZzCYmt-j1MT1sK9PCNdg3ZrPhajlbjkb7xmw2XC1ny9Fo36EzfFefs9EZHE88LtPaMw2ZbA6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0ItlMbC7fbLjabDaTxci4MAxmM-dyuVnsVibfZDkRS5Smi3SiF10Wg91a9Dc8PRb1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq-UCQDh76f6g3bEEUloD7Vb9gsrjNjTsFjd-3GB-y-vtNz39drfCcmWAB2py5s2eCWKtVssaAABAABsAACCAWzdvAdiM3D5QEjdKvfAjFz9BDkabAQ!&cmcv=&pix=undefined&cb=1668596945002&uv=3241&tms=1668596945002&abt=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=f73d7770-8e70-442f-bcab-8698ef229fdf&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1 HTTP/1.1
Host: imprammp.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
content-encoding: gzip
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:05 GMT
via: 1.1 varnish
x-served-by: cache-bma1632-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1668596946.754150,VS0,VE23
vary: Accept-Encoding
X-Firefox-Spdy: h2
pips.taboola.com/
200 OK 4 B IP
File type ASCII text, with no line terminators
Hash 6c3e226b4d4795d518ab341b0824ec29
eef19c54306daa69eda49c0272623bdb5e2b341f
fb329000228cc5a24c264c57139de8bf854fc86fc18bf1c04ab61a2b5cb4b921
GET / HTTP/1.1
Host: pips.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Varnish
retry-after: 0
access-control-allow-methods: GET
access-control-allow-origin: https://pinkroose.yoo7.com
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:07 GMT
via: 1.1 varnish
x-served-by: cache-bma1634-BMA
x-cache: HIT
x-cache-hits: 0
cache-control: no-store
content-length: 4
X-Firefox-Spdy: h2
vidstat.taboola.com/vpaid/units/32_4_1/assets/css/cmOsUnit.css
200 OK 8.3 kB URL HTTP/2 vidstat.taboola.com/vpaid/units/32_4_1/assets/css/cmOsUnit.css
IP
Hash a28320a69408adba1f01f56d6eb80708
8012c7108fab547cf31481cfda7cb49e654a0542
befbb274b7045e7e5791a4badbe46e1a2e367e6570da7cd0ac127acc4b8e8991
GET /vpaid/units/32_4_1/assets/css/cmOsUnit.css HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: bAySMeSEXUGF3N8aZ6rmf8GYDZEd5K/VMoUKcFg92G+JmjfEGiEl/M1DtvrgnTYRvY/caUbbLEE=
x-amz-request-id: BD24MC3C62DTEDFC
last-modified: Thu, 10 Nov 2022 16:15:38 GMT
etag: "a28320a69408adba1f01f56d6eb80708"
x-amz-meta-ctime: 1668096937
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1668096936
content-type: text/css
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:10 GMT
via: 1.1 varnish
age: 499544
x-served-by: cache-bma1632-BMA
x-cache: HIT
x-cache-hits: 111383
x-timer: S1668596951.880471,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 8297
X-Firefox-Spdy: h2
vidstat.taboola.com/vpaid/units/32_4_1/infra/cmTagWIDGET_ITEM.js
200 OK 128 kB URL HTTP/2 vidstat.taboola.com/vpaid/units/32_4_1/infra/cmTagWIDGET_ITEM.js
IP
File type Unicode text, UTF-8 text, with very long lines (65489), with no line terminators
Size 128 kB (127530 bytes)
Hash 151facb98d755a46fd260231d78130a9
f10823c4a61f363f3256882cea2ca31881e4afd5
678985021845d0de22cd87f7cfe9f174f170791fbd99d91237fb9ad6742f72e5
GET /vpaid/units/32_4_1/infra/cmTagWIDGET_ITEM.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 1yXNPquop0+Zvalsht6cm6Z/leKNzl+LPgBYbMGuhP07wVVrY6iRM4MUHQHpDgMNh1Ejf//TflA=
x-amz-request-id: EHGZNJWMAS99HHZH
last-modified: Thu, 10 Nov 2022 16:14:45 GMT
etag: "151facb98d755a46fd260231d78130a9"
x-amz-meta-ctime: 1668096884
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1668096883
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:10 GMT
via: 1.1 varnish
age: 499543
x-served-by: cache-bma1632-BMA
x-cache: HIT
x-cache-hits: 55963
x-timer: S1668596951.890911,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 127530
X-Firefox-Spdy: h2
vidstat.taboola.com/vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js
200 OK 87 kB URL HTTP/2 vidstat.taboola.com/vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js
IP
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash dcfe04133edaa84ac4a7356299134bf2
600265d1e188692d5cb0b9dbc828c708181bd3d8
1f50ba3994c74af69746c8db181597b9e74d7bb53c808ce9f7014facf0c59bfd
GET /vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: DH4gCSpZOjdiQ2RHNdcZaQ1gWcI8EDnhtXKaFZT4JUmiFDacp53eylqcVHaDpMgh56JBtwAdvTI=
x-amz-request-id: M2DJX9S4FNAQPE8Z
last-modified: Thu, 27 Oct 2022 07:34:53 GMT
etag: "dcfe04133edaa84ac4a7356299134bf2"
x-amz-meta-ctime: 1666856092
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1666856080
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:11 GMT
via: 1.1 varnish
age: 1740828
x-served-by: cache-bma1632-BMA
x-cache: HIT
x-cache-hits: 293660
x-timer: S1668596951.167770,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 87152
X-Firefox-Spdy: h2
vidstatb.taboola.com/vid/blackScreen5.mp4
206 Partial Content 91 kB URL HTTP/2 vidstatb.taboola.com/vid/blackScreen5.mp4
IP
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash b2b087fe4ae638c533731c347fcd4df8
62851c888c21bb51cc04f13b6fc0451279fe0425
0407dafc112212a135d1aa4dd9b40ba0208c6bb6b1959f5535af093254189d66
GET /vid/blackScreen5.mp4 HTTP/1.1
Host: vidstatb.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
content-type: video/mp4
last-modified: Sun, 02 Jul 2017 20:40:57 GMT
etag: "b2b087fe4ae638c533731c347fcd4df8"
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1497790207
server: AmazonS3
via: 1.1 9803a30a87f1ec1047cb2b8ad5ecc43e.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: gopM2XYfUoVUFmJXQ0440-QEF6IoAyvdLK0EUOquu3M35zK6ZGLwLg==
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:11 GMT
age: 2009715
x-served-by: cache-bma1632-BMA
x-cache: Hit from cloudfront, HIT
x-cache-hits: 446202
x-timer: S1668596951.391213,VS0,VE0
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-range: bytes 0-90783/90784
content-length: 90784
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 16 Nov 2022 11:09:11 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=1921d07c-659f-11ed-9a7c-186cd56e0406; expires=Wed, 14-Dec-2022 11:09:11 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=1921d0ba-659f-11ed-9a7c-186cd56e0406
X-fe: 54
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 16 Nov 2022 11:09:11 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=1922a534-659f-11ed-a469-1d7abbad0406; expires=Wed, 14-Dec-2022 11:09:11 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=1922a582-659f-11ed-a469-1d7abbad0406
X-fe: 28
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
am-match.taboola.com/sync?dast=V7a50CFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJObbjHy73WAtXPkGa9FoMnNLPA6LWzhbDlc2y2Q5M9mMQFIO18K52VjWksnCtRYtVw63cDQYuUU2425lGUx2G49jCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3esHT7rX8_Z6XXfn3--Yav9svuiwGu7Xob3h67AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFy0WMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQAgIEs0fBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5wpdKCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAxmXb2FymTaO2Wi5mk1ms91y5jDNdhvLamZZmDzeUwoG7zL_Mofp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBHmhpPdwuTZrRU2y8Ytmjg8a4lvOFhrlgvXbDixLGYTk1v0-pgetpVp4RpsUTCAYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WXfcfkWJpdp45iNlqvZZDbbLWcO02y3saxmloXJ4-8NJ7uFybNbK2yWjVs0cXjWEt9wsNYsF67ZcGJZzCYmt-j1MT1sK9PCNdg3ZrPhajlbjkb7xmw2XC1ny9Fo36EzfFefs9EZHE88LtPaMw2ZbA6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0ItlMbC7fbLjabDaTxci4MAxmM-dyuVnsVibfZDkRS5Smi3SiF10Wg91a9Dc8PRb1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq-UCQDh76f6g3bEEUloD7Vb9gsrjNjTsFjd-3GB-y-vtNz39drfCcmWAB2py5s2eCWKtVssaAABAABsAACCAWzdvAdiM3D5QEjdKvfAjFz9BDkabAQ!&excid=22&docw=0&cijs=1&nlb=true
200 OK 1.1 kB URL HTTP/2 am-match.taboola.com/sync?dast=V7a50CFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJObbjHy73WAtXPkGa9FoMnNLPA6LWzhbDlc2y2Q5M9mMQFIO18K52VjWksnCtRYtVw63cDQYuUU2425lGUx2G49jCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3esHT7rX8_Z6XXfn3--Yav9svuiwGu7Xob3h67AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFy0WMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQAgIEs0fBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5wpdKCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAxmXb2FymTaO2Wi5mk1ms91y5jDNdhvLamZZmDzeUwoG7zL_Mofp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBHmhpPdwuTZrRU2y8Ytmjg8a4lvOFhrlgvXbDixLGYTk1v0-pgetpVp4RpsUTCAYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WXfcfkWJpdp45iNlqvZZDbbLWcO02y3saxmloXJ4-8NJ7uFybNbK2yWjVs0cXjWEt9wsNYsF67ZcGJZzCYmt-j1MT1sK9PCNdg3ZrPhajlbjkb7xmw2XC1ny9Fo36EzfFefs9EZHE88LtPaMw2ZbA6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0ItlMbC7fbLjabDaTxci4MAxmM-dyuVnsVibfZDkRS5Smi3SiF10Wg91a9Dc8PRb1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq-UCQDh76f6g3bEEUloD7Vb9gsrjNjTsFjd-3GB-y-vtNz39drfCcmWAB2py5s2eCWKtVssaAABAABsAACCAWzdvAdiM3D5QEjdKvfAjFz9BDkabAQ!&excid=22&docw=0&cijs=1&nlb=true
IP
ASN #200478 Taboola.com ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1120), with no line terminators
Hash f717cf68d70edb144ff0ab0bbaffacfe
e3f6de8e0594a980413fb5ac1cd43376b6427ec8
71b7861e9cdaab14dede85a55abcc5caa084ca862ecf9906830ea4de881be04b
GET /sync?dast=V7a50CFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJObbjHy73WAtXPkGa9FoMnNLPA6LWzhbDlc2y2Q5M9mMQFIO18K52VjWksnCtRYtVw63cDQYuUU2425lGUx2G49jCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3esHT7rX8_Z6XXfn3--Yav9svuiwGu7Xob3h67AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFy0WMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQAgIEs0fBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5wpdKCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAxmXb2FymTaO2Wi5mk1ms91y5jDNdhvLamZZmDzeUwoG7zL_Mofp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBHmhpPdwuTZrRU2y8Ytmjg8a4lvOFhrlgvXbDixLGYTk1v0-pgetpVp4RpsUTCAYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WXfcfkWJpdp45iNlqvZZDbbLWcO02y3saxmloXJ4-8NJ7uFybNbK2yWjVs0cXjWEt9wsNYsF67ZcGJZzCYmt-j1MT1sK9PCNdg3ZrPhajlbjkb7xmw2XC1ny9Fo36EzfFefs9EZHE88LtPaMw2ZbA6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0ItlMbC7fbLjabDaTxci4MAxmM-dyuVnsVibfZDkRS5Smi3SiF10Wg91a9Dc8PRb1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq-UCQDh76f6g3bEEUloD7Vb9gsrjNjTsFjd-3GB-y-vtNz39drfCcmWAB2py5s2eCWKtVssaAABAABsAACCAWzdvAdiM3D5QEjdKvfAjFz9BDkabAQ!&excid=22&docw=0&cijs=1&nlb=true HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 16 Nov 2022 11:09:11 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3401
X-Firefox-Spdy: h2
am-match.taboola.com/sync?dast=V7kBMCFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJDOxDFcr42KtMDmXa9FyOFlLXMvVWjKaWHbDlclkszmMQDITy3C1Mi7WCpNzuRYth5O1xLVcrSWjiWU3XJlMNpvDChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXi942r2Wv9_zsiv_ft9c43f7RZfFYLcW_Q1Pjx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmic-Xv_ZOfGiKiguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCAFBoL2ydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og4_ItTC7TxjEbLVezyWy2W84cptluY1nNLAuTx3tKweBd5l_mMH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgbTnYLk2e3VtgsG7do4vCsJb7hYK1ZLlyz4cSymE1MbtHrY3rYVqaFa7BFwQCOvUieFulEtRm5TBvfcLdYOFaz3Wbh2c1MhonHNrHMJq7ByCKWaE4W6UR22XdcvoXJZdo4ZqPlajaZzXbLmcM0220sq5llYfL4e8PJbmHy7NYKm2XjFk0cnrXENxysNcuFazacWBazickten1MD9vKtHAN9o3ZbLhazpaj0b4xmw1Xy9lyNNp36Azf1edsdAbHE4_LtPZMQyabw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6EWXxWC3Fv0NT49FLBGcLtKJ6GU8XdR_ZMjFXDmYiyZzxWq0SgAAAAAAAAAAS5gzbwIAAABwGshosBmu1nkgg-Vgt1wtFwDC2Uv3B-2OJZDSGmi36hdUHrehYbe48eMG81teb7_p6be7FZYrAzxQkzNv_kwQa7Va1gAAAALYAAAAAdy6eQvAZuL_____4wAAAGTk6AEAAMT3gZK4UeqFH7n4CXIw2gw!&excid=22&docw=0&cijs=1&nlb=false
200 OK 742 B URL HTTP/2 am-match.taboola.com/sync?dast=V7kBMCFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJDOxDFcr42KtMDmXa9FyOFlLXMvVWjKaWHbDlclkszmMQDITy3C1Mi7WCpNzuRYth5O1xLVcrSWjiWU3XJlMNpvDChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXi942r2Wv9_zsiv_ft9c43f7RZfFYLcW_Q1Pjx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmic-Xv_ZOfGiKiguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCAFBoL2ydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og4_ItTC7TxjEbLVezyWy2W84cptluY1nNLAuTx3tKweBd5l_mMH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgbTnYLk2e3VtgsG7do4vCsJb7hYK1ZLlyz4cSymE1MbtHrY3rYVqaFa7BFwQCOvUieFulEtRm5TBvfcLdYOFaz3Wbh2c1MhonHNrHMJq7ByCKWaE4W6UR22XdcvoXJZdo4ZqPlajaZzXbLmcM0220sq5llYfL4e8PJbmHy7NYKm2XjFk0cnrXENxysNcuFazacWBazickten1MD9vKtHAN9o3ZbLhazpaj0b4xmw1Xy9lyNNp36Azf1edsdAbHE4_LtPZMQyabw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6EWXxWC3Fv0NT49FLBGcLtKJ6GU8XdR_ZMjFXDmYiyZzxWq0SgAAAAAAAAAAS5gzbwIAAABwGshosBmu1nkgg-Vgt1wtFwDC2Uv3B-2OJZDSGmi36hdUHrehYbe48eMG81teb7_p6be7FZYrAzxQkzNv_kwQa7Va1gAAAALYAAAAAdy6eQvAZuL_____4wAAAGTk6AEAAMT3gZK4UeqFH7n4CXIw2gw!&excid=22&docw=0&cijs=1&nlb=false
IP
ASN #200478 Taboola.com ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (742), with no line terminators
Hash e212b134cabf80f8be66f676e09c0097
c6f5b87bdb324d5acc99af18d97d5d9835c65c7a
f4461fdc5512d2915f67a2b761cfd5ce1166d1f8dd0f07a571bf31eb1c7d0855
GET /sync?dast=V7kBMCFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJDOxDFcr42KtMDmXa9FyOFlLXMvVWjKaWHbDlclkszmMQDITy3C1Mi7WCpNzuRYth5O1xLVcrSWjiWU3XJlMNpvDChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXi942r2Wv9_zsiv_ft9c43f7RZfFYLcW_Q1Pjx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmic-Xv_ZOfGiKiguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCAFBoL2ydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og4_ItTC7TxjEbLVezyWy2W84cptluY1nNLAuTx3tKweBd5l_mMH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgbTnYLk2e3VtgsG7do4vCsJb7hYK1ZLlyz4cSymE1MbtHrY3rYVqaFa7BFwQCOvUieFulEtRm5TBvfcLdYOFaz3Wbh2c1MhonHNrHMJq7ByCKWaE4W6UR22XdcvoXJZdo4ZqPlajaZzXbLmcM0220sq5llYfL4e8PJbmHy7NYKm2XjFk0cnrXENxysNcuFazacWBazickten1MD9vKtHAN9o3ZbLhazpaj0b4xmw1Xy9lyNNp36Azf1edsdAbHE4_LtPZMQyabw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6EWXxWC3Fv0NT49FLBGcLtKJ6GU8XdR_ZMjFXDmYiyZzxWq0SgAAAAAAAAAAS5gzbwIAAABwGshosBmu1nkgg-Vgt1wtFwDC2Uv3B-2OJZDSGmi36hdUHrehYbe48eMG81teb7_p6be7FZYrAzxQkzNv_kwQa7Va1gAAAALYAAAAAdy6eQvAZuL_____4wAAAGTk6AEAAMT3gZK4UeqFH7n4CXIw2gw!&excid=22&docw=0&cijs=1&nlb=false HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 16 Nov 2022 11:09:11 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3407
X-Firefox-Spdy: h2
match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:11 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash a30b582a2573caa5e8bdbb23b2f09139
2f24807376faaa14ca2b67db13e9d5830a6086c9
ca749e187a0f56bff342818f212d6389919129bcdaea0a8c08b16e6727f51fc1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 16 Nov 2022 11:09:11 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 15 Nov 2022 13:56:49 GMT
Expires: Tue, 22 Nov 2022 13:56:48 GMT
Etag: "2f24807376faaa14ca2b67db13e9d5830a6086c9"
Cache-Control: max-age=527856,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76afc5e3597f0af6-OSL
x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
200 OK 43 B URL HTTP/2 x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /sync?gdpr=1&us_privacy=1---&ssp=taboola HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:11 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66dafa1b-55cd-4968-9135-1ea419481f20.webp
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66dafa1b-55cd-4968-9135-1ea419481f20.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2fec68e4ff4a2f6983c4fb1c03e70ed0
e590b099b6803d014c4ec37cac510a65bc10aa4a
8fc33642239701291705777c3d161d30b14807a72d20c68f3a9b412edfe29bb2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66dafa1b-55cd-4968-9135-1ea419481f20.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 11466
x-amzn-requestid: d014e7ab-f4d1-4dac-af82-9443de7559ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqY4-EsGoAMFqXg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63740839-5085339516785a4f353595ff;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:44:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: cL3nS13xhZJft25oulFNL5TCT-ts4zdbn40ktPJf9Pf8b2Ai-WwwCA==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 15 Nov 2022 21:47:45 GMT
etag: "e590b099b6803d014c4ec37cac510a65bc10aa4a"
content-type: image/jpeg
age: 48087
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pinkroose.yoo7.com/t2107-topic
200 OK 0 B URL HTTP/2 pinkroose.yoo7.com/t2107-topic
IP
GET /t2107-topic HTTP/1.1
Host: pinkroose.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: text/html; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache
pragma: no-cache
expires: Wed, 16 Nov 2022 00:00:00 GMT
last-modified: Wed, 16 Nov 2022 11:09:03 GMT
vary: User-Agent
set-cookie: exadd=166861; expires=Wed, 16-Nov-2022 15:09:03 GMT; Max-Age=14400
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=380&height=213&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1668596950005&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=-1185685602&tz=0&viewable=true&ddast=V7a50CFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJObbjHy73WAtXPkGa9FoMnNLPA6LWzhbDlc2y2Q5M9mMQFIO18K52VjWksnCtRYtVw63cDQYuUU2425lGUx2G49jCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3esHT7rX8_Z6XXfn3--Yav9svuiwGu7Xob3h67AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFy0WMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQAgIEs0fBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5wpdKCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAxmXb2FymTaO2Wi5mk1ms91y5jDNdhvLamZZmDzeUwoG7zL_Mofp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBHmhpPdwuTZrRU2y8Ytmjg8a4lvOFhrlgvXbDixLGYTk1v0-pgetpVp4RpsUTCAYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WXfcfkWJpdp45iNlqvZZDbbLWcO02y3saxmloXJ4-8NJ7uFybNbK2yWjVs0cXjWEt9wsNYsF67ZcGJZzCYmt-j1MT1sK9PCNdg3ZrPhajlbjkb7xmw2XC1ny9Fo36EzfFefs9EZHE88LtPaMw2ZbA6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0ItlMbC7fbLjabDaTxci4MAxmM-dyuVnsVibfZDkRS5Smi3SiF10Wg91a9Dc8PRb1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq-UCQDh76f6g3bEEUloD7Vb9gsrjNjTsFjd-3GB-y-vtNz39drfCcmWAB2py5s2eCWKtVssaAABAABsAACCAWzdvAdiM3D5QEjdKvfAjFz9BDkabAQ!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=2&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&mPre=0.025&cirf=https%3A%2F%2Fpinkroose.yoo7.com&en=1
200 OK 0 B URL HTTP/2 wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=380&height=213&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1668596950005&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=-1185685602&tz=0&viewable=true&ddast=V7a50CFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJObbjHy73WAtXPkGa9FoMnNLPA6LWzhbDlc2y2Q5M9mMQFIO18K52VjWksnCtRYtVw63cDQYuUU2425lGUx2G49jCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3esHT7rX8_Z6XXfn3--Yav9svuiwGu7Xob3h67AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFy0WMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQAgIEs0fBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5wpdKCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAxmXb2FymTaO2Wi5mk1ms91y5jDNdhvLamZZmDzeUwoG7zL_Mofp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBHmhpPdwuTZrRU2y8Ytmjg8a4lvOFhrlgvXbDixLGYTk1v0-pgetpVp4RpsUTCAYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WXfcfkWJpdp45iNlqvZZDbbLWcO02y3saxmloXJ4-8NJ7uFybNbK2yWjVs0cXjWEt9wsNYsF67ZcGJZzCYmt-j1MT1sK9PCNdg3ZrPhajlbjkb7xmw2XC1ny9Fo36EzfFefs9EZHE88LtPaMw2ZbA6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0ItlMbC7fbLjabDaTxci4MAxmM-dyuVnsVibfZDkRS5Smi3SiF10Wg91a9Dc8PRb1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq-UCQDh76f6g3bEEUloD7Vb9gsrjNjTsFjd-3GB-y-vtNz39drfCcmWAB2py5s2eCWKtVssaAABAABsAACCAWzdvAdiM3D5QEjdKvfAjFz9BDkabAQ!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=2&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&mPre=0.025&cirf=https%3A%2F%2Fpinkroose.yoo7.com&en=1
IP
POST /VideoBidRequestHandlerServlet?oid=15&width=380&height=213&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1668596950005&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=-1185685602&tz=0&viewable=true&ddast=V7a50CFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJObbjHy73WAtXPkGa9FoMnNLPA6LWzhbDlc2y2Q5M9mMQFIO18K52VjWksnCtRYtVw63cDQYuUU2425lGUx2G49jCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3esHT7rX8_Z6XXfn3--Yav9svuiwGu7Xob3h67AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFy0WMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQAgIEs0fBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5wpdKCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAxmXb2FymTaO2Wi5mk1ms91y5jDNdhvLamZZmDzeUwoG7zL_Mofp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBHmhpPdwuTZrRU2y8Ytmjg8a4lvOFhrlgvXbDixLGYTk1v0-pgetpVp4RpsUTCAYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WXfcfkWJpdp45iNlqvZZDbbLWcO02y3saxmloXJ4-8NJ7uFybNbK2yWjVs0cXjWEt9wsNYsF67ZcGJZzCYmt-j1MT1sK9PCNdg3ZrPhajlbjkb7xmw2XC1ny9Fo36EzfFefs9EZHE88LtPaMw2ZbA6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0ItlMbC7fbLjabDaTxci4MAxmM-dyuVnsVibfZDkRS5Smi3SiF10Wg91a9Dc8PRb1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq-UCQDh76f6g3bEEUloD7Vb9gsrjNjTsFjd-3GB-y-vtNz39drfCcmWAB2py5s2eCWKtVssaAABAABsAACCAWzdvAdiM3D5QEjdKvfAjFz9BDkabAQ!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=2&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&mPre=0.025&cirf=https%3A%2F%2Fpinkroose.yoo7.com&en=1 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 133
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1431
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://pinkroose.yoo7.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1632-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1668596951.739611,VS0,VE128
vary: Accept-Encoding
X-Firefox-Spdy: h2
illiweb.com/rs3/64/frm/embed/FA_Embed.js
200 OK 0 B URL HTTP/2 illiweb.com/rs3/64/frm/embed/FA_Embed.js
IP
GET /rs3/64/frm/embed/FA_Embed.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Tue, 07 Nov 2023 08:26:53 GMT
last-modified: Tue, 20 Apr 2021 14:17:00 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 787330
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WZ7p9A7pl0tceC3aw3GPBK2ojMtTkGNeC5wogiGTyYSIov20CWdD%2F%2BOQQRSQCVapDD5KyEu77AV7%2FewRdOKtV4A0tXFa3IsL2vZAQ7SNHdOd%2FBezrKIMhZDLVUVbpw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76afc5afee271bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pinkroose.yoo7.com/-div%20align=
404 Not Found 0 B URL HTTP/2 pinkroose.yoo7.com/-div%20align=
IP
GET /-div%20align= HTTP/1.1
Host: pinkroose.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pinkroose.yoo7.com/t2107-topic
Connection: keep-alive
Cookie: exadd=166861
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: text/html
etag: W/"5db7f6f0-1044"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
trc.taboola.com/forumotion-ar/trc/3/json?tim=11%3A09%3A04.042<i=deflated&data=%7B%22id%22%3A615%2C%22ii%22%3A%22%2Ft2107-topic%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1668505412671%2C%22vi%22%3A1668596944040%2C%22cv%22%3A%2220221115-5-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fpinkroose.yoo7.com%2Ft2107-topic%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fpinkroose.yoo7.com%2Ft2107-topic%22%2C%22vpi%22%3A%22%2Ft2107-topic%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A3694%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A142.39999389648438%2C%22mw%22%3A0%2C%22amw%22%3A948.566650390625%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A3654.39990234375%2C%22mw%22%3A979.5999755859375%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ft2107-topic%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
200 OK 0 B URL HTTP/2 trc.taboola.com/forumotion-ar/trc/3/json?tim=11%3A09%3A04.042<i=deflated&data=%7B%22id%22%3A615%2C%22ii%22%3A%22%2Ft2107-topic%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1668505412671%2C%22vi%22%3A1668596944040%2C%22cv%22%3A%2220221115-5-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fpinkroose.yoo7.com%2Ft2107-topic%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fpinkroose.yoo7.com%2Ft2107-topic%22%2C%22vpi%22%3A%22%2Ft2107-topic%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A3694%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A142.39999389648438%2C%22mw%22%3A0%2C%22amw%22%3A948.566650390625%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A3654.39990234375%2C%22mw%22%3A979.5999755859375%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ft2107-topic%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
IP
GET /forumotion-ar/trc/3/json?tim=11%3A09%3A04.042<i=deflated&data=%7B%22id%22%3A615%2C%22ii%22%3A%22%2Ft2107-topic%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1668505412671%2C%22vi%22%3A1668596944040%2C%22cv%22%3A%2220221115-5-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fpinkroose.yoo7.com%2Ft2107-topic%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fpinkroose.yoo7.com%2Ft2107-topic%22%2C%22vpi%22%3A%22%2Ft2107-topic%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A3694%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A142.39999389648438%2C%22mw%22%3A0%2C%22amw%22%3A948.566650390625%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A3654.39990234375%2C%22mw%22%3A979.5999755859375%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ft2107-topic%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://pinkroose.yoo7.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:05 GMT
via: 1.1 varnish
x-served-by: cache-bma1632-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1668596945.892406,VS0,VE401
vary: Accept-Encoding
x-vcl-time-ms: 401
X-Firefox-Spdy: h2
stootsou.net/pfe/current/tag.min.js?z=2308013
200 OK 0 B URL HTTP/2 stootsou.net/pfe/current/tag.min.js?z=2308013
IP
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/tag.min.js?z=2308013 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: application/javascript
last-modified: Tue, 08 Nov 2022 14:20:39 GMT
etag: W/"636a65b7-39be"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=publishertag&topUrl=pinkroose.yoo7.com
200 OK 0 B URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=pinkroose.yoo7.com
IP
GET /syncframe?origin=publishertag&topUrl=pinkroose.yoo7.com HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:02 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=82482c73-96a4-44e8-aa8f-e84f22adf777; expires=Mon, 11 Dec 2023 11:09:03 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 718672
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
stootsou.net/pfe/current/universal.min.js?v=3.1.403
200 OK 0 B URL HTTP/2 stootsou.net/pfe/current/universal.min.js?v=3.1.403
IP
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/universal.min.js?v=3.1.403 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pinkroose.yoo7.com/
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: application/javascript
last-modified: Tue, 08 Nov 2022 14:20:39 GMT
etag: W/"636a65b7-180b9"
access-control-allow-origin: https://pinkroose.yoo7.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=yoo7.com&sn=FirefoxSyncframe&so=0&topUrl=pinkroose.yoo7.com&info=ZKHOzl80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQnJiUGdTd29aRkVXRklqT0tkTTBYajFhVUJlU3FkektVeG9QNjN0YXJ0dA&idsd=472902154,-30323248&cw=1&lsw=1
200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=yoo7.com&sn=FirefoxSyncframe&so=0&topUrl=pinkroose.yoo7.com&info=ZKHOzl80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQnJiUGdTd29aRkVXRklqT0tkTTBYajFhVUJlU3FkektVeG9QNjN0YXJ0dA&idsd=472902154,-30323248&cw=1&lsw=1
IP
GET /sid/json?origin=publishertag&domain=yoo7.com&sn=FirefoxSyncframe&so=0&topUrl=pinkroose.yoo7.com&info=ZKHOzl80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQnJiUGdTd29aRkVXRklqT0tkTTBYajFhVUJlU3FkektVeG9QNjN0YXJ0dA&idsd=472902154,-30323248&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=pinkroose.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1078039
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
illiweb.com/rs3/64/frm/lang/ar.js
200 OK 0 B URL HTTP/2 illiweb.com/rs3/64/frm/lang/ar.js
IP
GET /rs3/64/frm/lang/ar.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
cf-polished: origSize=74879
access-control-allow-origin: *
expires: Tue, 07 Nov 2023 08:39:39 GMT
last-modified: Thu, 08 Sep 2022 07:38:48 GMT
x-cache-ne: EXPIRED
x-cache-pr: EXPIRED
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 786564
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xwcMehm%2Fvkubp%2BhYYAAS38V3ZRds7XdG2dhpbExzQngEAZ5jH%2Fx7krCchA46sNhJ0tmdI7d0kxdxReR3ZB%2BBQpYZvFADaBL%2BAB8a4Cs8PAHGspBiYxcVbsBn9ergoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76afc5afbdfc1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
twemoji.maxcdn.com/twemoji.min.js
200 OK 0 B URL HTTP/2 twemoji.maxcdn.com/twemoji.min.js
IP
GET /twemoji.min.js HTTP/1.1
Host: twemoji.maxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
x-origin-cache: HIT
last-modified: Thu, 31 Mar 2022 03:24:15 GMT
access-control-allow-origin: *
etag: W/"62451edf-3bc8"
expires: Fri, 16 Dec 2022 11:09:03 GMT
cache-control: max-age=2592000
x-proxy-cache: MISS
x-github-request-id: D9DC:101F2:8442B2:88431A:6373E40D
vary: Accept-Encoding
x-fastly-request-id: ff237ed923f08253ee470932b745a2c1d2faa8f6
server: NetDNA-cache/2.2
powered-by: MaxCDN
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
pinkroose.yoo7.com/serviceworker.js
200 OK 0 B URL HTTP/2 pinkroose.yoo7.com/serviceworker.js
IP
GET /serviceworker.js HTTP/1.1
Host: pinkroose.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: exadd=166861; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: application/javascript
last-modified: Thu, 25 Feb 2021 14:30:57 GMT
etag: W/"6037b4a1-b0d"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1668596949982&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=-1185685602&tz=0&viewable=true&ddast=V7kBMCFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJDOxDFcr42KtMDmXa9FyOFlLXMvVWjKaWHbDlclkszmMQDITy3C1Mi7WCpNzuRYth5O1xLVcrSWjiWU3XJlMNpvDChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXi942r2Wv9_zsiv_ft9c43f7RZfFYLcW_Q1Pjx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmic-Xv_ZOfGiKiguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCAFBoL2ydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og4_ItTC7TxjEbLVezyWy2W84cptluY1nNLAuTx3tKweBd5l_mMH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgbTnYLk2e3VtgsG7do4vCsJb7hYK1ZLlyz4cSymE1MbtHrY3rYVqaFa7BFwQCOvUieFulEtRm5TBvfcLdYOFaz3Wbh2c1MhonHNrHMJq7ByCKWaE4W6UR22XdcvoXJZdo4ZqPlajaZzXbLmcM0220sq5llYfL4e8PJbmHy7NYKm2XjFk0cnrXENxysNcuFazacWBazickten1MD9vKtHAN9o3ZbLhazpaj0b4xmw1Xy9lyNNp36Azf1edsdAbHE4_LtPZMQyabw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6EWXxWC3Fv0NT49FLBGcLtKJ6GU8XdR_ZMjFXDmYiyZzxWq0SgAAAAAAAAAAS5gzbwIAAABwGshosBmu1nkgg-Vgt1wtFwDC2Uv3B-2OJZDSGmi36hdUHrehYbe48eMG81teb7_p6be7FZYrAzxQkzNv_kwQa7Va1gAAAALYAAAAAdy6eQvAZuL_____4wAAAGTk6AEAAMT3gZK4UeqFH7n4CXIw2gw!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=2&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&mPre=0.025&cirf=https%3A%2F%2Fpinkroose.yoo7.com&en=1
200 OK 0 B URL HTTP/2 wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1668596949982&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=-1185685602&tz=0&viewable=true&ddast=V7kBMCFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJDOxDFcr42KtMDmXa9FyOFlLXMvVWjKaWHbDlclkszmMQDITy3C1Mi7WCpNzuRYth5O1xLVcrSWjiWU3XJlMNpvDChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXi942r2Wv9_zsiv_ft9c43f7RZfFYLcW_Q1Pjx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmic-Xv_ZOfGiKiguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCAFBoL2ydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og4_ItTC7TxjEbLVezyWy2W84cptluY1nNLAuTx3tKweBd5l_mMH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgbTnYLk2e3VtgsG7do4vCsJb7hYK1ZLlyz4cSymE1MbtHrY3rYVqaFa7BFwQCOvUieFulEtRm5TBvfcLdYOFaz3Wbh2c1MhonHNrHMJq7ByCKWaE4W6UR22XdcvoXJZdo4ZqPlajaZzXbLmcM0220sq5llYfL4e8PJbmHy7NYKm2XjFk0cnrXENxysNcuFazacWBazickten1MD9vKtHAN9o3ZbLhazpaj0b4xmw1Xy9lyNNp36Azf1edsdAbHE4_LtPZMQyabw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6EWXxWC3Fv0NT49FLBGcLtKJ6GU8XdR_ZMjFXDmYiyZzxWq0SgAAAAAAAAAAS5gzbwIAAABwGshosBmu1nkgg-Vgt1wtFwDC2Uv3B-2OJZDSGmi36hdUHrehYbe48eMG81teb7_p6be7FZYrAzxQkzNv_kwQa7Va1gAAAALYAAAAAdy6eQvAZuL_____4wAAAGTk6AEAAMT3gZK4UeqFH7n4CXIw2gw!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=2&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&mPre=0.025&cirf=https%3A%2F%2Fpinkroose.yoo7.com&en=1
IP
POST /VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1668596949982&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=-1185685602&tz=0&viewable=true&ddast=V7kBMCFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJDOxDFcr42KtMDmXa9FyOFlLXMvVWjKaWHbDlclkszmMQDITy3C1Mi7WCpNzuRYth5O1xLVcrSWjiWU3XJlMNpvDChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXi942r2Wv9_zsiv_ft9c43f7RZfFYLcW_Q1Pjx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmic-Xv_ZOfGiKiguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCAFBoL2ydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og4_ItTC7TxjEbLVezyWy2W84cptluY1nNLAuTx3tKweBd5l_mMH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgbTnYLk2e3VtgsG7do4vCsJb7hYK1ZLlyz4cSymE1MbtHrY3rYVqaFa7BFwQCOvUieFulEtRm5TBvfcLdYOFaz3Wbh2c1MhonHNrHMJq7ByCKWaE4W6UR22XdcvoXJZdo4ZqPlajaZzXbLmcM0220sq5llYfL4e8PJbmHy7NYKm2XjFk0cnrXENxysNcuFazacWBazickten1MD9vKtHAN9o3ZbLhazpaj0b4xmw1Xy9lyNNp36Azf1edsdAbHE4_LtPZMQyabw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6EWXxWC3Fv0NT49FLBGcLtKJ6GU8XdR_ZMjFXDmYiyZzxWq0SgAAAAAAAAAAS5gzbwIAAABwGshosBmu1nkgg-Vgt1wtFwDC2Uv3B-2OJZDSGmi36hdUHrehYbe48eMG81teb7_p6be7FZYrAzxQkzNv_kwQa7Va1gAAAALYAAAAAdy6eQvAZuL_____4wAAAGTk6AEAAMT3gZK4UeqFH7n4CXIw2gw!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=2&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&mPre=0.025&cirf=https%3A%2F%2Fpinkroose.yoo7.com&en=1 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 133
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1471
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://pinkroose.yoo7.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1632-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1668596951.717537,VS0,VE143
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:04 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 330810
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
200 OK 0 B URL HTTP/2 taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
IP
GET /sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo HTTP/1.1
Host: taboola-supply-partners.tremorhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:11 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2
illiweb.com/rs3/64/frm/jquery/cookie/jquery.cookie.js
200 OK 0 B URL HTTP/2 illiweb.com/rs3/64/frm/jquery/cookie/jquery.cookie.js
IP
GET /rs3/64/frm/jquery/cookie/jquery.cookie.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Tue, 07 Nov 2023 08:26:48 GMT
last-modified: Wed, 09 Sep 2020 09:40:28 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 787335
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rBcbyyyOc9ohFNvIK3sbYiXjknMycAoYXdJ4jCGHd2BmGQVSzTEmPqw46ZuI3F5aWZY4UKoxewWAPitCuIEzY3IyXVVo01JnjMZ0TexriLfgA7uUVXxGHCz%2BWpKbmg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76afc5afde161bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pinkroose.yoo7.com/-div%20align=
404 Not Found 0 B URL HTTP/2 pinkroose.yoo7.com/-div%20align=
IP
GET /-div%20align= HTTP/1.1
Host: pinkroose.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pinkroose.yoo7.com/t2107-topic
Connection: keep-alive
Cookie: exadd=166861; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Wed, 16 Nov 2022 11:09:03 GMT
content-type: text/html
etag: W/"5db7f6f0-1044"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
dnacdn.net/dna
200 OK 0 B IP
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=ZKHOzl80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQnJiUGdTd29aRkVXRklqT0tkTTBYajFhVUJlU3FkektVeG9QNjN0YXJ0dA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 16 Nov 2022 11:09:04 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=6WWKZF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQnJiUGdTd29aRkVXRklqT0tkTTBYalhDeCUyQjM0d3o3eDZTVDFtNW5Cb1pU; expires=Mon, 11 Dec 2023 11:09:05 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 363999
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=380&height=213&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1668596945005&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-1185685602&tz=0&viewable=true&ddast=V7a50CFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJObbjHy73WAtXPkGa9FoMnNLPA6LWzhbDlc2y2Q5M9mMQFIO18K52VjWksnCtRYtVw63cDQYuUU2425lGUx2G49jCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3esHT7rX8_Z6XXfn3--Yav9svuiwGu7Xob3h67AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFy0WMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQAgIEs0fBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5wpdKCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAxmXb2FymTaO2Wi5mk1ms91y5jDNdhvLamZZmDzeUwoG7zL_Mofp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBHmhpPdwuTZrRU2y8Ytmjg8a4lvOFhrlgvXbDixLGYTk1v0-pgetpVp4RpsUTCAYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WXfcfkWJpdp45iNlqvZZDbbLWcO02y3saxmloXJ4-8NJ7uFybNbK2yWjVs0cXjWEt9wsNYsF67ZcGJZzCYmt-j1MT1sK9PCNdg3ZrPhajlbjkb7xmw2XC1ny9Fo36EzfFefs9EZHE88LtPaMw2ZbA6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0ItlMbC7fbLjabDaTxci4MAxmM-dyuVnsVibfZDkRS5Smi3SiF10Wg91a9Dc8PRb1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq-UCQDh76f6g3bEEUloD7Vb9gsrjNjTsFjd-3GB-y-vtNz39drfCcmWAB2py5s2eCWKtVssaAABAABsAACCAWzdvAdiM3D5QEjdKvfAjFz9BDkabAQ!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=2&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&mPre=0.025&cirf=https%3A%2F%2Fpinkroose.yoo7.com&en=1
200 OK 0 B URL HTTP/2 wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=380&height=213&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1668596945005&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-1185685602&tz=0&viewable=true&ddast=V7a50CFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJObbjHy73WAtXPkGa9FoMnNLPA6LWzhbDlc2y2Q5M9mMQFIO18K52VjWksnCtRYtVw63cDQYuUU2425lGUx2G49jCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3esHT7rX8_Z6XXfn3--Yav9svuiwGu7Xob3h67AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFy0WMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQAgIEs0fBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5wpdKCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAxmXb2FymTaO2Wi5mk1ms91y5jDNdhvLamZZmDzeUwoG7zL_Mofp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBHmhpPdwuTZrRU2y8Ytmjg8a4lvOFhrlgvXbDixLGYTk1v0-pgetpVp4RpsUTCAYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WXfcfkWJpdp45iNlqvZZDbbLWcO02y3saxmloXJ4-8NJ7uFybNbK2yWjVs0cXjWEt9wsNYsF67ZcGJZzCYmt-j1MT1sK9PCNdg3ZrPhajlbjkb7xmw2XC1ny9Fo36EzfFefs9EZHE88LtPaMw2ZbA6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0ItlMbC7fbLjabDaTxci4MAxmM-dyuVnsVibfZDkRS5Smi3SiF10Wg91a9Dc8PRb1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq-UCQDh76f6g3bEEUloD7Vb9gsrjNjTsFjd-3GB-y-vtNz39drfCcmWAB2py5s2eCWKtVssaAABAABsAACCAWzdvAdiM3D5QEjdKvfAjFz9BDkabAQ!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=2&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&mPre=0.025&cirf=https%3A%2F%2Fpinkroose.yoo7.com&en=1
IP
POST /VideoBidRequestHandlerServlet?oid=15&width=380&height=213&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1668596945005&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-1185685602&tz=0&viewable=true&ddast=V7a50CFgP7E3c46Zk8SgT7E3c46Zk8SgUAAAAGBuIHJObbjHy73WAtXPkGa9FoMnNLPA6LWzhbDlc2y2Q5M9mMQFIO18K52VjWksnCtRYtVw63cDQYuUU2425lGUx2G49jCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3esHT7rX8_Z6XXfn3--Yav9svuiwGu7Xob3h67AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFy0WMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQAgIEs0fBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5wpdKCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAxmXb2FymTaO2Wi5mk1ms91y5jDNdhvLamZZmDzeUwoG7zL_Mofp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBHmhpPdwuTZrRU2y8Ytmjg8a4lvOFhrlgvXbDixLGYTk1v0-pgetpVp4RpsUTCAYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WXfcfkWJpdp45iNlqvZZDbbLWcO02y3saxmloXJ4-8NJ7uFybNbK2yWjVs0cXjWEt9wsNYsF67ZcGJZzCYmt-j1MT1sK9PCNdg3ZrPhajlbjkb7xmw2XC1ny9Fo36EzfFefs9EZHE88LtPaMw2ZbA6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0ItlMbC7fbLjabDaTxci4MAxmM-dyuVnsVibfZDkRS5Smi3SiF10Wg91a9Dc8PRb1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq-UCQDh76f6g3bEEUloD7Vb9gsrjNjTsFjd-3GB-y-vtNz39drfCcmWAB2py5s2eCWKtVssaAABAABsAACCAWzdvAdiM3D5QEjdKvfAjFz9BDkabAQ!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=2&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=fuvClient1_vA!lvlstst-in2_vA!lvlstst1_vA!mprdctdt6_vA!ntvc_vA!smbs!t45!t45!u2822_vA!ufm&mPre=0.025&cirf=https%3A%2F%2Fpinkroose.yoo7.com&en=1 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 133
Origin: https://pinkroose.yoo7.com
Connection: keep-alive
Referer: https://pinkroose.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1458
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://pinkroose.yoo7.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Wed, 16 Nov 2022 11:09:05 GMT
via: 1.1 varnish
x-served-by: cache-bma1632-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1668596946.763567,VS0,VE149
vary: Accept-Encoding
X-Firefox-Spdy: h2
94.23.150.222
142.250.74.74
151.101.85.44
23.36.77.32
104.21.235.175
178.250.0.130
52.95.115.255
139.45.195.8
185.106.33.48
3.126.56.137