downsub.com/?url=https://www.youtube.com/watch?v=ih14zfnQHPU
188.114.96.1301 Moved Permanently 0 B URL HTTP/1.1 downsub.com/?url=https://www.youtube.com/watch?v=ih14zfnQHPU
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?url=https://www.youtube.com/watch?v=ih14zfnQHPU HTTP/1.1
Host: downsub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 03 Dec 2022 08:58:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 03 Dec 2022 09:58:10 GMT
Location: https://downsub.com/?url=https://www.youtube.com/watch?v=ih14zfnQHPU
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jFxh7rahj5tkh%2B0M7JPyOY%2B8Itg5f8W%2F44w6uZnCs40x4wsmL3WqP2eNOPRUTR1lJXPCIHEAZW7fWkn3lhozZEDjPeMwdLL%2FpgDVz%2FHee2ck50MqqGzuKn1muOqQnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 773b19584d5d1c06-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15580
Expires: Sat, 03 Dec 2022 13:17:50 GMT
Date: Sat, 03 Dec 2022 08:58:10 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7439fb99a444b66db1e68ffbfaa38451
4b7742d7956485906f1c392c478515ff89a46184
636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5179
Cache-Control: max-age=97164
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:10 GMT
Etag: "6389d3f3-1d7"
Expires: Sun, 04 Dec 2022 11:57:34 GMT
Last-Modified: Fri, 02 Dec 2022 10:31:15 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4499
Expires: Sat, 03 Dec 2022 10:13:09 GMT
Date: Sat, 03 Dec 2022 08:58:10 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash c4898c772b2c372802722e6410f2d585
d664e01845b7ec0d04f7cf3df9f5837e4abf2682
a176a2b857bcd52406b0ccdaf0ddc7e3af31626193b7b8491231943e4d9a7768
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5913
Cache-Control: max-age=100053
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:10 GMT
Etag: "6389dc5e-118"
Expires: Sun, 04 Dec 2022 12:45:43 GMT
Last-Modified: Fri, 02 Dec 2022 11:07:10 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 280
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 03 Dec 2022 08:18:14 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2396
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: lgrc+Y/fTGyhRaenk6cv9PvUY2vxgufscumQKDzY6mTitHx7srqSjws0QfAsQuuqWDELZeS9r2w=
x-amz-request-id: C094NNJQ5JZ0PZ8X
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 03 Dec 2022 08:46:30 GMT
age: 700
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 08:58:10 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 03 Dec 2022 08:11:17 GMT
cache-control: public,max-age=3600
age: 2814
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash c4898c772b2c372802722e6410f2d585
d664e01845b7ec0d04f7cf3df9f5837e4abf2682
a176a2b857bcd52406b0ccdaf0ddc7e3af31626193b7b8491231943e4d9a7768
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5914
Cache-Control: max-age=100053
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:11 GMT
Etag: "6389dc5e-118"
Expires: Sun, 04 Dec 2022 12:45:44 GMT
Last-Modified: Fri, 02 Dec 2022 11:07:10 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7f1f8fc556d1f7e0aea3e1208ee2fd1c
09c341a56ff876479cfc8a0505a5fef4a5d110f1
65adcf58887bcc23f73379f74ab19a61cfbb93285c95c64b44a6716eeacc1482
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5164
Cache-Control: max-age=92087
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:11 GMT
Etag: "6389c02e-1d7"
Expires: Sun, 04 Dec 2022 10:32:58 GMT
Last-Modified: Fri, 02 Dec 2022 09:06:54 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e63a3fb1ef1a4ebbbd126969d6ee68ca
8bc9c26950b3899087e25ddea159c28f57b47200
f2ec30377e239f64286ae7dde8032e4e332b6c123f7decc07126fbbcff460a69
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-T9M8G86
142.250.74.168200 OK 51 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-T9M8G86
IP 142.250.74.168:0
File type ASCII text, with very long lines (8962)
Hash bda903f47de9dd2ab1f3d34c4a3026bd
939219d667678488aa50fa445311a4dd1be48319
1fc9402eb5910dc0cf5d58eb93c5f5473512f7fd34e3c5b9d0666a1571721ad6
GET /gtm.js?id=GTM-T9M8G86 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 03 Dec 2022 08:58:11 GMT
expires: Sat, 03 Dec 2022 08:58:11 GMT
cache-control: private, max-age=900
last-modified: Sat, 03 Dec 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50829
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e63a3fb1ef1a4ebbbd126969d6ee68ca
8bc9c26950b3899087e25ddea159c28f57b47200
f2ec30377e239f64286ae7dde8032e4e332b6c123f7decc07126fbbcff460a69
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
54.191.251.76101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.191.251.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7Yj3N0TB/x5ktd7WVXqsgA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: jBYbecZsI94PKt2QzSsV1SEpme4=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2b7109f7fedfbe369b2c3d9661f59ace
84b651427ef6b73cb35d7dbd0edae0cf006522ca
92eabcca27d3deaf0e84be8af2ccadd3879c9c6fbc8a7d150979636b2e4ba139
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92EABCCA27D3DEAF0E84BE8AF2CCADD3879C9C6FBC8A7D150979636B2E4BA139"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5932
Expires: Sat, 03 Dec 2022 10:37:04 GMT
Date: Sat, 03 Dec 2022 08:58:12 GMT
Connection: keep-alive
www.google-analytics.com/analytics.js
142.250.74.14200 OK 21 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.14:0
Hash 6584fe482cbad614fb0a2aa2634fb2bd
0e1c8c4b64d30c48c95d6c1f29f09f6edffc043b
c924e22ea9b7c9cf63a1caf50437d60fe0ec685ff8efab86be3e3ca6bc05ac34
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 03 Dec 2022 08:46:55 GMT
expires: Sat, 03 Dec 2022 10:46:55 GMT
cache-control: public, max-age=7200
age: 677
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/downsub/loader.js
151.101.193.44200 OK 30 kB URL HTTP/2 cdn.taboola.com/libtrc/downsub/loader.js
IP 151.101.193.44:0
File type ASCII text, with very long lines (64960)
Hash 708a417295bff756a8a65df9d22d39b4
cd3551d6adf956b7a18a8767e45ad8bb91386197
9891fdb5d010cafe978e86b8805ac72790992601a5a4b31e10efd9dae610b5f8
GET /libtrc/downsub/loader.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
etag: "516d5e09fd7410e1e446967dfc5d8fb44048a171"
last-modified: Fri, 02 Dec 2022 15:29:43 UTC
x-amz-id-2: 1gfdvM/0ql4Ox9k1cf6PQDXguvEnxPjaFehyRjjP0k51lVANUC9MNm32uoRi2lTmcGmfcjwh6zQ=
x-amz-request-id: 4FM1DTN8JJYE4YZP
x-amz-version-id: jLpvyTxUBg8BKRgOV9IMtB5VIS.oD98v
x-from-cache: 1
x-envoy-upstream-service-time: 9
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:12 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670057893.641665,VS0,VE87
cache-control: private,max-age=14400
vary: Accept-Encoding, Accept-Encoding
abp: 20
content-length: 30049
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/tr5?abgroup=aa_test_for_monitoring_ctrl
151.101.193.44200 OK 3 B URL HTTP/2 cdn.taboola.com/libtrc/tr5?abgroup=aa_test_for_monitoring_ctrl
IP 151.101.193.44:0
File type ASCII text, with no line terminators
Hash cf1731f1eadf52f064e6059d699e7615
816201b65af045985cf47b5c7c58089759d00a45
2e34af284c28bf285781a36241b6e00ec74c81e6ae6858d52bdede5ebf7e37c1
GET /libtrc/tr5?abgroup=aa_test_for_monitoring_ctrl HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Varnish
retry-after: 0
content-type: text/html
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:12 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 0
x-timer: S1670057893.929603,VS0,VE0
cache-control: private,max-age=14400
content-length: 3
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/impl.20221201-24-RELEASE.js
151.101.193.44200 OK 147 kB URL HTTP/2 cdn.taboola.com/libtrc/impl.20221201-24-RELEASE.js
IP 151.101.193.44:0
File type JSON data\012- , ASCII text
Size 147 kB (146889 bytes)
Hash e0781ea0fcda3adafcf936855b3f4cd1
794e5868b0265b4ee0f7134d08da1cfcaefa8ac8
5aed54756011f2ed2fb98fa6fa016ef5e51940c341de05a955b61968452b0ca7
GET /libtrc/impl.20221201-24-RELEASE.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: rFDrDFdl4BZ4eIl3PtktQYpAVy1RE6POaQ9eRZxo+xxAX1n6SMNyHhkN5nza1KCxHfcBpzMAfto=
x-amz-request-id: PDD8ANKXRASKG9HN
last-modified: Thu, 01 Dec 2022 17:45:55 GMT
etag: "385cfb682512980cfe2f08fd62b6fb64"
content-encoding: br
x-amz-version-id: ofIXx6LEWRAEtEe5ALtgmKE0Y_JueXHu
content-type: application/javascript
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:12 GMT
via: 1.1 varnish
age: 25740
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 9513
x-timer: S1670057893.929707,VS0,VE0
cache-control: private,max-age=31536000
vary: Accept-Encoding
abp: 47
server: AmazonS3-br
content-length: 146699
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8198
Expires: Sat, 03 Dec 2022 11:14:50 GMT
Date: Sat, 03 Dec 2022 08:58:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8198
Expires: Sat, 03 Dec 2022 11:14:50 GMT
Date: Sat, 03 Dec 2022 08:58:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8198
Expires: Sat, 03 Dec 2022 11:14:50 GMT
Date: Sat, 03 Dec 2022 08:58:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8198
Expires: Sat, 03 Dec 2022 11:14:50 GMT
Date: Sat, 03 Dec 2022 08:58:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8198
Expires: Sat, 03 Dec 2022 11:14:50 GMT
Date: Sat, 03 Dec 2022 08:58:12 GMT
Connection: keep-alive
facesnotebook.com/de/e4/f2/dee4f2455ab43dc9f44a5f28fcc0dfe7.js
192.243.59.12200 OK 14 kB URL HTTP/1.1 facesnotebook.com/de/e4/f2/dee4f2455ab43dc9f44a5f28fcc0dfe7.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37192), with no line terminators
Hash 01188b5c1b8990e94ddf67f231bb8712
1925b102d9ecec5236145cafac787d8c790c2547
e15839987b3897827636a2d66aea72d62fb02fce451f4e5f207266870d3036a3
GET /de/e4/f2/dee4f2455ab43dc9f44a5f28fcc0dfe7.js HTTP/1.1
Host: facesnotebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 03 Dec 2022 08:58:12 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 45d8d46465f1753dd2057f44126c89eb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 00:57:24 GMT
age: 28849
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F652bfe35-9b09-4fba-b7b5-c6bd90cccdbe.jpeg
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F652bfe35-9b09-4fba-b7b5-c6bd90cccdbe.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ffa12df550123f63b20f67437cd8a04
398fd2d837c73f54c4591b69cd683f29bdf9184a
fd9ac4396488098923c27531295e64475047dd008a901e59915109a73a69f305
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F652bfe35-9b09-4fba-b7b5-c6bd90cccdbe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6119
x-amzn-requestid: cac5842e-2b57-4eda-9b09-27ec8a0b1bf8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMiE7Hq0oAMFzHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381b085-151f123551f999a918de8a3a;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 06:21:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mrS561ug59NStQyD3cH4ndqGvY3QiLVeMFOoC86ktj52PghNjeYa5w==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 20:55:39 GMT
age: 43354
etag: "398fd2d837c73f54c4591b69cd683f29bdf9184a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 45182367fd4f8b6dd234eef1022acdb1
d4b3052021ff3ad1dc4134fa25eb12a98e7c17da
a57fadaf74db2fb457cfe761314d56f021d22146f5bdb6a8bf11b6519e8a558d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9715
x-amzn-requestid: c8102cfa-78dc-4d81-ad6a-e16b9132e238
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZO2HQKIAMF8IA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f2b-350c586b568e6565763376bd;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0QkVKyYm9UwlF5FEeli9UsRAQwEi3-c3bMR-QSJxIKRQe7WWT76dGQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:51:06 GMT
age: 40027
etag: "d4b3052021ff3ad1dc4134fa25eb12a98e7c17da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
34.120.237.76200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XvG2dAUeB914GQ1qJwQRHovAtra8OSjG-CsXeR8UOBq5r8qVjEbPBQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 05:02:08 GMT
age: 14165
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d568a89-ee21-427a-b971-0d1500164a62.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d568a89-ee21-427a-b971-0d1500164a62.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash becc8cdba57494c6fe212eb67634e1eb
c8bd6bd9086e0a52b83b89dfd755e7ebba222fb8
fbb25b88b10a818bb0c6ad385b1e5ba54b87672c73bfa8a9c1ecb17dcc689d5a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d568a89-ee21-427a-b971-0d1500164a62.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11942
x-amzn-requestid: ba8a5d03-7796-4c6d-a6df-3cc71b1c5259
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: chqukGmWoAMFtLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a24c3-609dc90d769060d30a16e3df;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 16:16:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: m6j_3bDGFIAHQYzrZ1zXqUb-HbEJ8XCoGH5mgBFOWRbLzoSiuNBnhg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:59:25 GMT
age: 39528
etag: "c8bd6bd9086e0a52b83b89dfd755e7ebba222fb8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e765102-d7b9-4765-a166-db04ae6113bc.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e765102-d7b9-4765-a166-db04ae6113bc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dcdb77a21f91a4a280ac9a8efbc48bbd
74c974eaf1cbdf6c5ae11793e42caf4c4e4cb25d
5ee7c45f21b38c653d03a24b10a190a9e9266226d221b006e787cd3719088d7f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e765102-d7b9-4765-a166-db04ae6113bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11233
x-amzn-requestid: 89afb72e-6967-47d0-a0ad-48cad8cd08e3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIpgOEi0oAMFstg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638022ce-1e8087e734e71d611df75830;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 02:05:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: d9wLy3xAxK6RiYf25v_GFT1gdezT8IzMxaFyGRuGm2nxOBh6uEOg3w==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 22:01:29 GMT
age: 39404
etag: "74c974eaf1cbdf6c5ae11793e42caf4c4e4cb25d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1670057892190&ns_c=UTF-8&c7=https%3A%2F%2Fdownsub.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU&c8=Waiting%20-%20DownSub.com&c9=
143.204.55.96204 No Content 0 B URL HTTP/2 sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1670057892190&ns_c=UTF-8&c7=https%3A%2F%2Fdownsub.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU&c8=Waiting%20-%20DownSub.com&c9=
IP 143.204.55.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1670057892190&ns_c=UTF-8&c7=https%3A%2F%2Fdownsub.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU&c8=Waiting%20-%20DownSub.com&c9= HTTP/1.1
Host: sb.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 03 Dec 2022 08:58:14 GMT
set-cookie: UID=16E771c8085bc80e07224361670057894; domain=.scorecardresearch.com; path=/; max-age=62208000
x-cache: Miss from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zz1SOG85nSO0U07IYwv6uFlZORO6toI057HOa3xDUSDySvsy0e0axA==
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 22697cff4db5ea5a4c791ce4358a971f
fa4d1ffe6a7354f75e8607231f57a5728e87dfb3
61575c6d3a055a65d09622357da8cdf97d57b96ed8d1d4a7360bd8432931d638
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "61575C6D3A055A65D09622357DA8CDF97D57B96ED8D1D4A7360BD8432931D638"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19881
Expires: Sat, 03 Dec 2022 14:29:35 GMT
Date: Sat, 03 Dec 2022 08:58:14 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 833966236f5c9d8b8d1e09b852260dec
aead33bed8028b01b7504060382e14dc3b044524
0908f25e82681caf3a15895e5ed7c2c7a78de49404e7b4d940146dbd864c7cbb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi/ih14zfnQHPU/hqdefault.jpg?sqp=-oaymwEiCKgBEF5IWvKriqkDFQgBFQAAAAAYASUAAMhCPQCAokN4AQ==&rs=AOn4CLC6OhpKGfIS0o8NVcCXg1iNg27R0w
142.250.74.118200 OK 7.5 kB URL HTTP/2 i.ytimg.com/vi/ih14zfnQHPU/hqdefault.jpg?sqp=-oaymwEiCKgBEF5IWvKriqkDFQgBFQAAAAAYASUAAMhCPQCAokN4AQ==&rs=AOn4CLC6OhpKGfIS0o8NVcCXg1iNg27R0w
IP 142.250.74.118:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 168x94, components 3\012- data
Hash 21306348bff51fbcef1f1107e72232df
69c7135c16cba5524e0cd5a471b74cfefae26edb
54a0c6ad1208bf72108a69bb0927a73ee5a2e55a1db1c476f0a7ef22c06c3dac
GET /vi/ih14zfnQHPU/hqdefault.jpg?sqp=-oaymwEiCKgBEF5IWvKriqkDFQgBFQAAAAAYASUAAMhCPQCAokN4AQ==&rs=AOn4CLC6OhpKGfIS0o8NVcCXg1iNg27R0w HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 7472
date: Sat, 03 Dec 2022 08:58:14 GMT
expires: Sat, 03 Dec 2022 10:58:14 GMT
cache-control: public, max-age=7200
etag: "1634733682"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 833966236f5c9d8b8d1e09b852260dec
aead33bed8028b01b7504060382e14dc3b044524
0908f25e82681caf3a15895e5ed7c2c7a78de49404e7b4d940146dbd864c7cbb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 8be4570a1d9d09c7b793e97ee1f6edaf
cb101195afa0dbb473bcd5050ee2ab4a25af825f
b69ece6aab66eec92b6b3bd8c8e6febd027c8dac1a86faaed1b217dec8e784b1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 03 Dec 2022 08:58:14 GMT
Last-Modified: Sat, 03 Dec 2022 07:38:04 GMT
Server: ECS (nyb/1D2F)
X-Cache: Miss from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: itJRFG1TOkrMT-HJtxPH7Zy8lRqHO_MajMh65IrzA6h9iXTTU6QIEQ==
Age: 4810
simplewebanalysis.com/stats
18.185.190.54200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 4e052a16e3af9b329a99aeef6e2aed41
a58fb51a0788926fa72e4e442e5b16bbf8e7a1e1
590fcff53265e84493e47aa0b5e5e48494079ff8496d69bb8aa611606a6822bc
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:14 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://downsub.com
access-control-allow-credentials: true
set-cookie: uid_id2=91f89ce6-34a0-4911-bffb-5342953657bb:2:1; expires=Tue, 30 Nov 2032 08:58:14 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 22697cff4db5ea5a4c791ce4358a971f
fa4d1ffe6a7354f75e8607231f57a5728e87dfb3
61575c6d3a055a65d09622357da8cdf97d57b96ed8d1d4a7360bd8432931d638
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "61575C6D3A055A65D09622357DA8CDF97D57B96ED8D1D4A7360BD8432931D638"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19881
Expires: Sat, 03 Dec 2022 14:29:35 GMT
Date: Sat, 03 Dec 2022 08:58:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 751e53a165aacea66a3736c42ae05095
bc9f28be437eacdbbb07405591f8a98d46ca6b75
2224a82e8bcee8ef6aedb550689943153a26021bfe9c8071a760e199610af02f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2224A82E8BCEE8EF6AEDB550689943153A26021BFE9C8071A760E199610AF02F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8611
Expires: Sat, 03 Dec 2022 11:21:45 GMT
Date: Sat, 03 Dec 2022 08:58:14 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 1d01c48aceb0aa610a1769d1398e403d
7c5e8e14bc685af339a979ceef6c2942994bd86e
925a72d059b45264690446d0e004cf1a96d4be10dbf614ad51113af07e82404a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5157
Cache-Control: max-age=99273
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:14 GMT
Etag: "6389dc4a-139"
Expires: Sun, 04 Dec 2022 12:32:47 GMT
Last-Modified: Fri, 02 Dec 2022 11:06:50 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 313
trc-events.taboola.com/downsub/log/2/debug?tim=08%3A58%3A12.388&type=usage&msg=rtus&llvl=2&id=4844&cv=20221201-24-RELEASE<=aa_test_for_monitoring_ctrl&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/downsub/log/2/debug?tim=08%3A58%3A12.388&type=usage&msg=rtus&llvl=2&id=4844&cv=20221201-24-RELEASE<=aa_test_for_monitoring_ctrl&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /downsub/log/2/debug?tim=08%3A58%3A12.388&type=usage&msg=rtus&llvl=2&id=4844&cv=20221201-24-RELEASE<=aa_test_for_monitoring_ctrl&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Sat, 03 Dec 2022 08:58:14 GMT
x-fastly-to-nlb-rtt: 22107
access-control-allow-credentials: true
X-Firefox-Spdy: h2
soldierreproduceadmiration.com/cb/2a/94/cb2a94ca455a4afd1cd8d8ea24681238.js
173.233.137.36200 OK 29 kB URL HTTP/1.1 soldierreproduceadmiration.com/cb/2a/94/cb2a94ca455a4afd1cd8d8ea24681238.js
IP 173.233.137.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 887dcee3f561bcd8c68a281c659e2982
989ec5192a7dd5ba442d8d63c0173fb2668780f1
eff3e5ab72359dbb5c6ae9dcff58b8dfa4fe63f18bb0f6cb842762057a99bbd9
Analyzer Verdict Alert quad9 Sinkholed
GET /cb/2a/94/cb2a94ca455a4afd1cd8d8ea24681238.js HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Dec 2022 08:58:14 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: be6618bc90c9960b9d02e0074241274f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
trc.taboola.com/downsub/trc/3/json?tim=08%3A58%3A12.393<i=aa_test_for_monitoring_ctrl&data=%7B%22id%22%3A565%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1669918997404%2C%22vi%22%3A1670057892391%2C%22cv%22%3A%2220221201-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdownsub.com%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22pev%22%3A8050%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fdownsub.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22vpi%22%3A%22%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A6775%2C%22qs%22%3A%22%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22alternating-thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A201%2C%22mw%22%3A547.5%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Head%20of%20article%22%2C%22orig_uip%22%3A%22Head%20of%20article%22%2C%22cd%22%3A473.5%2C%22mw%22%3A559.5%7D%5D%2C%22cacheKey%22%3A%22text%3D%2F%2CBelow%20Article%20Thumbnails%3Dalternating-thumbnails-a%3Aabp%3D0%2C%2CHead%20of%20article%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22aa_test_for_monitoring_ctrl%22%7D&llvl=2
151.101.193.44200 OK 25 kB URL HTTP/2 trc.taboola.com/downsub/trc/3/json?tim=08%3A58%3A12.393<i=aa_test_for_monitoring_ctrl&data=%7B%22id%22%3A565%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1669918997404%2C%22vi%22%3A1670057892391%2C%22cv%22%3A%2220221201-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdownsub.com%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22pev%22%3A8050%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fdownsub.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22vpi%22%3A%22%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A6775%2C%22qs%22%3A%22%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22alternating-thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A201%2C%22mw%22%3A547.5%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Head%20of%20article%22%2C%22orig_uip%22%3A%22Head%20of%20article%22%2C%22cd%22%3A473.5%2C%22mw%22%3A559.5%7D%5D%2C%22cacheKey%22%3A%22text%3D%2F%2CBelow%20Article%20Thumbnails%3Dalternating-thumbnails-a%3Aabp%3D0%2C%2CHead%20of%20article%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22aa_test_for_monitoring_ctrl%22%7D&llvl=2
IP 151.101.193.44:0
Hash dddd31067756c027c32a59d69f774edf
086f5cd151a58aa613d3e3df27d138d849525a69
a8e18276acb33f8f8e46dcec52f347480723916171c0f0c408fefc3238363904
GET /downsub/trc/3/json?tim=08%3A58%3A12.393<i=aa_test_for_monitoring_ctrl&data=%7B%22id%22%3A565%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1669918997404%2C%22vi%22%3A1670057892391%2C%22cv%22%3A%2220221201-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdownsub.com%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22pev%22%3A8050%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fdownsub.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22vpi%22%3A%22%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A6775%2C%22qs%22%3A%22%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22alternating-thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A201%2C%22mw%22%3A547.5%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Head%20of%20article%22%2C%22orig_uip%22%3A%22Head%20of%20article%22%2C%22cd%22%3A473.5%2C%22mw%22%3A559.5%7D%5D%2C%22cacheKey%22%3A%22text%3D%2F%2CBelow%20Article%20Thumbnails%3Dalternating-thumbnails-a%3Aabp%3D0%2C%2CHead%20of%20article%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22aa_test_for_monitoring_ctrl%22%7D&llvl=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://downsub.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670057895.756340,VS0,VE264
vary: Accept-Encoding
x-vcl-time-ms: 264
X-Firefox-Spdy: h2
soldierreproduceadmiration.com/sbar.json?key=dee4f2455ab43dc9f44a5f28fcc0dfe7&uuid=91f89ce6-34a0-4911-bffb-5342953657bb%3A2%3A1
173.233.137.36200 OK 4.2 kB URL HTTP/1.1 soldierreproduceadmiration.com/sbar.json?key=dee4f2455ab43dc9f44a5f28fcc0dfe7&uuid=91f89ce6-34a0-4911-bffb-5342953657bb%3A2%3A1
IP 173.233.137.36:0
File type JSON data\012- , ASCII text, with very long lines (6185), with no line terminators
Hash e5243ac5567148a0733a6b0ad2b74b28
9c2efcc3fffef1fba38874e7049ed62dd8ebb3bd
c8c2b436c900b95a47ed3570f06db700b9cc2038e0ca1bc193a1d9f778dd40c4
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=dee4f2455ab43dc9f44a5f28fcc0dfe7&uuid=91f89ce6-34a0-4911-bffb-5342953657bb%3A2%3A1 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Dec 2022 08:58:15 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://downsub.com
Access-Control-Allow-Origin: https://downsub.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15809635; expires=Sun, 04 Dec 2022 08:58:15 GMT; secure; SameSite=None
uid_id2=91f89ce6-34a0-4911-bffb-5342953657bb:2:1; expires=Sat, 10 Dec 2022 08:58:15 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 04 Dec 2022 08:58:15 GMT; secure; SameSite=None
uncs=1; expires=Sun, 04 Dec 2022 08:58:15 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 04 Dec 2022 08:58:15 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 04 Dec 2022 08:58:15 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0caa71d4d7c479bc80e6f9383dfeab75
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
whiskerssituationdisturb.com/pixel/purst?dl=0&th=0&sc=0&rs=4532&rd=4532&fd=714&bv=22.10.v.10&tmpl=136
173.233.137.36200 OK 0 B URL HTTP/1.1 whiskerssituationdisturb.com/pixel/purst?dl=0&th=0&sc=0&rs=4532&rd=4532&fd=714&bv=22.10.v.10&tmpl=136
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=4532&rd=4532&fd=714&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Dec 2022 08:58:15 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.taboola.com/libtrc/floating-unit.20221201-24-RELEASE.es6.js
151.101.193.44200 OK 2.5 kB URL HTTP/2 cdn.taboola.com/libtrc/floating-unit.20221201-24-RELEASE.es6.js
IP 151.101.193.44:0
File type ASCII text, with very long lines (7796)
Hash 465667cc7c3b638155a09b29b60c532e
339838058ed5db1d02ef5dd70b84cee157a92674
caf89253612ae8f51021b89531b3162a52299c977376951817e36922378b6779
GET /libtrc/floating-unit.20221201-24-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: A+D60FNNRJoJX+7jJkHJYABNv5I9bRl67XdNcc9eVJWOi5oIXxosD8RfuLEu5e7k0HbIuP5i/t0=
x-amz-request-id: RFVF3KYGQ780QA7C
x-amz-replication-status: PENDING
last-modified: Thu, 01 Dec 2022 18:01:00 GMT
etag: "df99baa8f2c699ce2bac3b20f140f236"
x-amz-version-id: IjzaCj1Hmi86fE2Zqv5YDKoEAdL_3_bK
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
via: 1.1 varnish
age: 14
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1670057896.510867,VS0,VE1
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 47
content-length: 2473
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/taboola-vignette-new-scanning.20221201-24-RELEASE.es6.js
151.101.193.44200 OK 7.6 kB URL HTTP/2 cdn.taboola.com/libtrc/taboola-vignette-new-scanning.20221201-24-RELEASE.es6.js
IP 151.101.193.44:0
File type ASCII text, with very long lines (26026)
Hash 23a724c195a564a56b642c0b40338d73
2bf715718db9c4380a1c889d2da3773fc09f0a07
366094c5eae836282e76976c1589a6f316eb0877ffb88b68fe9ed85f4a848c7b
GET /libtrc/taboola-vignette-new-scanning.20221201-24-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: zjsIRZFF8B2KDQ5HeZ8SgZTagEMZDrd+XIggA5WrLrusa2EvYBsyVGZYz+k/alpY1DxH2TqIeFk=
x-amz-request-id: XYD3H00CVTK23JJF
x-amz-replication-status: PENDING
last-modified: Thu, 01 Dec 2022 18:02:56 GMT
etag: "f22f818d304aaf3147a7332209833b6f"
x-amz-version-id: fNrvQWAnzqxl0c.BkakTgvkTZfMkXSJ6
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
via: 1.1 varnish
age: 15
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1670057896.511552,VS0,VE1
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 47
content-length: 7557
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/feed-card-placeholder.20221201-24-RELEASE.es6.js
151.101.193.44200 OK 1.3 kB URL HTTP/2 cdn.taboola.com/libtrc/feed-card-placeholder.20221201-24-RELEASE.es6.js
IP 151.101.193.44:0
File type ASCII text, with very long lines (4627)
Hash 01fe734a92d8952a6b115ec21c8a0aa7
5a8cdae4a2b7484b7f387c72d731f67784b67a26
4315d20d971dcc8964c5934441d2ffe8200de65c7479c11c0a87f9ae8902a2fb
GET /libtrc/feed-card-placeholder.20221201-24-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: Z5ZbdktwWvg7sPVgyHWE+YX1nu82BVOIpgBMD//dRbRs6JZ3m6D4rQO6IYFeG7WSKDFKhAMftkw=
x-amz-request-id: 987S7DJ2ZTEZYZ0V
x-amz-replication-status: PENDING
last-modified: Thu, 01 Dec 2022 18:00:37 GMT
etag: "427b7a4a33a7a67f6843aaa90bcf2843"
x-amz-version-id: 8wlaJp7z8l2oUx_rUfIVaEcgiAU4R7Lg
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
via: 1.1 varnish
age: 35
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 12
x-timer: S1670057896.512902,VS0,VE0
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 47
content-length: 1263
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/userx.20221201-24-RELEASE.es6.js
151.101.193.44200 OK 5.4 kB URL HTTP/2 cdn.taboola.com/libtrc/userx.20221201-24-RELEASE.es6.js
IP 151.101.193.44:0
File type ASCII text, with very long lines (17842)
Hash 3767da295d90d4c24af46376d07d5cde
ab04b6b8786df6bc95a073872f61937f1b13eeb2
ac5acd527482d71c4e70c82d6d487ed41dc65bed1acf1759b6bc9d863e6e563e
GET /libtrc/userx.20221201-24-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: qMZYEpAgENcZNG+9XK3eH6EoB170TC4Taq/jEXHxbB6WGtDcHZAZIX/26auQKENc8X8eX20WSgw=
x-amz-request-id: 1MV75WX5S7VBM1F7
x-amz-replication-status: COMPLETED
last-modified: Thu, 01 Dec 2022 18:03:33 GMT
etag: "16f67637ac3bc1b6ccd63e6d03c34457"
x-amz-version-id: odjpI9TqiU291.wDPAnq80pQaadNJReA
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
via: 1.1 varnish
age: 26
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 3
x-timer: S1670057896.513187,VS0,VE0
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 47
content-length: 5398
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/cta-component.20221201-24-RELEASE.es6.js
151.101.193.44200 OK 5.1 kB URL HTTP/2 cdn.taboola.com/libtrc/cta-component.20221201-24-RELEASE.es6.js
IP 151.101.193.44:0
File type ASCII text, with very long lines (18924)
Hash 097452294092fc25721469609592f359
5b14996d97963c902ad7034897a9f914f4696518
c56b8ed6d07b7bb7455dcd3aa30c5d5f44790255d337c8108437ae5e5a19c089
GET /libtrc/cta-component.20221201-24-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: fSF1w07qG0aGqJPY9sOjRIKcSIPfd/lBKGLyhY+i2Dzq4LOAjlJlMPV3IBMfiLreeZFYt9kelds=
x-amz-request-id: PACX9XBENXJVZPM7
x-amz-replication-status: PENDING
last-modified: Thu, 01 Dec 2022 18:00:06 GMT
etag: "9a21c0b5013b1bb1179b3dde32389dd1"
x-amz-version-id: 4UU1nAGQojTpTtMCWdLaApN2yCk9QAPx
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
via: 1.1 varnish
age: 5
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 4
x-timer: S1670057896.513920,VS0,VE0
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 47
content-length: 5108
X-Firefox-Spdy: h2
cdn.taboola.com/static/f8/f89e1763-220d-4e09-ba69-9e040548fb7a.svg
151.101.193.44200 OK 1.8 kB URL HTTP/2 cdn.taboola.com/static/f8/f89e1763-220d-4e09-ba69-9e040548fb7a.svg
IP 151.101.193.44:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (4146), with no line terminators
Hash 034656ebd1be218c629e97e2ebc2fbd9
ffdaa8a31d597c32b08c8bc716fa17a9dda01c9a
aa98d5c3b1486984e3824c8801c59f6117583cab7d19d46909c722a647c61ceb
GET /static/f8/f89e1763-220d-4e09-ba69-9e040548fb7a.svg HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: kS83T3TgauYXyuzOsVM2PVjje2tOJt8fRmnXEEXPUWAkl0HdE8aPsYe6IKoetq2QfHvDFnDwtvM=
x-amz-request-id: 6P3270VTZ1MQZDAM
x-amz-replication-status: COMPLETED
last-modified: Wed, 07 Feb 2018 11:15:52 GMT
etag: "b8b410e4b18d45aa2f3d9bc09cd335fb"
x-amz-version-id: cMrDKn.emLmm9kiiOOF64ulDT4DRy6LK
content-type: image/svg+xml
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
via: 1.1 varnish
age: 1
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1670057896.515857,VS0,VE0
cache-control: private,max-age=31536000
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: *
vary: Accept-Encoding
abp: 47
content-length: 1758
X-Firefox-Spdy: h2
vidstat.taboola.com/lite-unit/3.9.8/UnitFeedManagerDesktop.min.js
151.101.193.44200 OK 30 kB URL HTTP/2 vidstat.taboola.com/lite-unit/3.9.8/UnitFeedManagerDesktop.min.js
IP 151.101.193.44:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 9745b6adb8e9b5989ec0a6549ab91a54
76b57e32693c32daecf75a189604d45dd9b0bee1
d2091155a789c3a96c5cbb0bb5ec76a4a4caf0270bc6e245f7fdcd097643f0fa
GET /lite-unit/3.9.8/UnitFeedManagerDesktop.min.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 22 Nov 2022 07:02:09 GMT
etag: "7fcf5cdb23e918c79141cd7bbdf0b9cc"
server: AmazonS3
via: 1.1 301faf3f65621d2ccd9fad88788c128a.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 4V4gXyIcI4L9vzR78J9Vk5QfuoxBnr_pFntuuBlgEBfiPKebvmGtGw==
cache-control: public, max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 957337
x-served-by: cache-bma1659-BMA
x-cache: Hit from cloudfront, HIT
x-cache-hits: 26128
x-timer: S1670057896.516898,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 30422
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/static/video/v1659348071/udzke7q4a7y642spip6z.mp4
151.101.193.44206 Partial Content 457 kB URL HTTP/2 cdn.taboola.com/libtrc/static/video/v1659348071/udzke7q4a7y642spip6z.mp4
IP 151.101.193.44:0
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size 457 kB (456570 bytes)
Hash 453bff809f1a5a1553009fa320f0685d
83005cd6c947a7f7e8eee6e1098c136908cf2cf7
3e4b53067bfc7e530a6111000c95f15f39f03fb38683b62a7d1d4d419a46e06d
GET /libtrc/static/video/v1659348071/udzke7q4a7y642spip6z.mp4 HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
x-amz-id-2: /xZsC5/lo7i8wqqWqAb+St97M1K3z79Qo/KS+cQuS2vzFu/MbVPh+Y28BP5F4RDtV7w5IUI6Hsw=
x-amz-request-id: JQJSGVJ7X9RP0XZF
x-amz-replication-status: COMPLETED
last-modified: Mon, 01 Aug 2022 10:01:18 GMT
etag: "453bff809f1a5a1553009fa320f0685d"
x-amz-version-id: 55DdvObX3vDLZkwgT0pwKJ1KzWcOVrdS
content-type: video/mp4;codecs=avc1
server: AmazonS3
accept-ranges: bytes
age: 22
content-range: bytes 0-456569/456570
date: Sat, 03 Dec 2022 08:58:15 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 0
x-timer: S1670057896.516514,VS0,VE1
cache-control: private,max-age=31536000
abp: 47
content-length: 456570
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_690%2Cw_920%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png
151.101.193.44200 OK 55 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_690%2Cw_920%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 66bfadba97d99ad0f01937e3c5aaf23d
b39467fd69f8649d2f9cded664d349c8121727a7
175589375fc4c83fb11b21c458a810e7d3151e4947b16683860ea916cef8934a
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_690%2Cw_920%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 487162476531458489843398520959864332831,380557120827242204309196295110066286773,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 487162476531458489843398520959864332831,380557120827242204309196295110066286773,29ecf9b93bbf306179626feeda1fab70
etag: "07d69fa728d4e810fea8f4dc1ee3ee9f"
expiration: expiry-date="Mon, 21 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Fri, 21 Oct 2022 17:57:36 GMT
req-referer: http://oqn.rse.argus.int/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 291
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 1525203
x-served-by: cache-iad-kjyo7100150-IAD, cache-iad-kjyo7100135-IAD, cache-bur-kbur8200073-BUR, cache-iad-kcgs7200102-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, HIT, HIT, HIT
x-cache-hits: 0, 0, 1, 1, 1
x-timer: S1670057896.517155,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_690%2Cw_920%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png
x-vcl-time-ms: 1
content-length: 54758
X-Firefox-Spdy: h2
get-info.downsub.com/eyJjdCI6InhMQjNSMmRhVjIzQkxEZzJpR0hzS3c9PSIsIml2IjoiOGUyYTgyMTFmMzg5ZjdjMzI0MTQzZDJhZTE5ZjhmN2UiLCJzIjoiMmQ2NTBkOTk4NTk2NGExOCJ9
172.67.204.139200 OK 86 kB URL HTTP/2 get-info.downsub.com/eyJjdCI6InhMQjNSMmRhVjIzQkxEZzJpR0hzS3c9PSIsIml2IjoiOGUyYTgyMTFmMzg5ZjdjMzI0MTQzZDJhZTE5ZjhmN2UiLCJzIjoiMmQ2NTBkOTk4NTk2NGExOCJ9
IP 172.67.204.139:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (65526), with no line terminators
Hash c4a5a8a30ee2fcac0b3ac44226ddf3a7
b8fbb2c006df0668eaf7b8c3273bcc0bfb81f926
ef313d1c281e3562a021ee75fa27295518f4763ae4fc989067bf9fc1fa08d6aa
GET /eyJjdCI6InhMQjNSMmRhVjIzQkxEZzJpR0hzS3c9PSIsIml2IjoiOGUyYTgyMTFmMzg5ZjdjMzI0MTQzZDJhZTE5ZjhmN2UiLCJzIjoiMmQ2NTBkOTk4NTk2NGExOCJ9 HTTP/1.1
Host: get-info.downsub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:12 GMT
content-type: application/json
access-control-allow-origin: https://downsub.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GkDf5WnkppAw%2F6NhFAJCbLOhqinHxXXb9%2FJIZcILVhC56xlyOWe30PP5U6%2BBQy8blYoufQKFrxXcipKQSU2%2B3sE35WlmlOUcLKJnPQRxsB5JSJxQLWWSN6RV5KzvRx0Jp8FN12jFfg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773b19619c7c1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/1883672742cec3f5f36fa85a1d94cebd.jpg
151.101.193.44200 OK 7.9 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/1883672742cec3f5f36fa85a1d94cebd.jpg
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash bf25b96c4823078e53b31f8557f2bdbd
2ce715fe73411e6703324d5483309cc340681242
70250bf85b89f2986de811a4a10dbeea364d7db93208068263241759e13d572d
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/1883672742cec3f5f36fa85a1d94cebd.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 457048565967574064239965785660858476183,441326658986685637957213755838494944928,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 457048565967574064239965785660858476183,441326658986685637957213755838494944928,29ecf9b93bbf306179626feeda1fab70
etag: "9bc89f05e005b843f3871224ca05ef33"
last-modified: Fri, 14 Oct 2022 04:02:35 GMT
req-referer: https://www.dailynews.co.th/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 4f784b86401ab6626545125ee15c87cf
x-envoy-upstream-service-time: 467
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 2410530
x-served-by: cache-iad-kiad7000158-IAD, cache-iad-kcgs7200168-IAD, cache-lga21951-LGA, cache-iad-kjyo7100060-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 2, 1
x-timer: S1670057896.526121,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/1883672742cec3f5f36fa85a1d94cebd.jpg
x-vcl-time-ms: 1
content-length: 7860
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png
151.101.193.44200 OK 6.5 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 0f6f183cb6fea10e684805cfcf44c995
67af73f9c8b4d79e9743b4dfe8972ef02f5c9e11
28cdbd83382d5f532d3ff4f588b42cff299dd9c513d0aa1bd203a417daaa71c5
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 522386631016027178862069804243359678773,523272642140522660213979017363544863538,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 522386631016027178862069804243359678773,523272642140522660213979017363544863538,29ecf9b93bbf306179626feeda1fab70
etag: "4a9f4a3b5712deea865ef5eb8f70ef63"
last-modified: Wed, 30 Nov 2022 04:33:40 GMT
req-referer: https://www.nbcnews.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 167c91b6b288b7cc9bf47ee75bfabd89
x-envoy-upstream-service-time: 169
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 274416
x-served-by: cache-iad-kcgs7200113-IAD, cache-iad-kiad7000063-IAD, cache-chi-kigq8000175-CHI, cache-iad-kiad7000150-IAD, cache-bma1659-BMA
x-cache: MISS, HIT, HIT, HIT, HIT
x-cache-hits: 0, 2, 1, 16, 1
x-timer: S1670057896.526147,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png
x-vcl-time-ms: 1
content-length: 6478
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4dcae61741335c7a83abf136fe4b5ef9.jpg
151.101.193.44200 OK 2.7 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4dcae61741335c7a83abf136fe4b5ef9.jpg
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash ddea64bdf74b2e59d86b0de1b3a1ea5b
765bc49ea78b1d5a379a691df59e188ba3dde6ba
f9115f66d470460b2c6b6d6e2e552d566c2efead09d3eacc0c839a5581e052bb
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4dcae61741335c7a83abf136fe4b5ef9.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 472065738987423655202224203246839100517,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 472065738987423655202224203246839100517,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
etag: "850ef27ddc6d28c050fa9319d44f9892"
last-modified: Mon, 10 Oct 2022 21:54:40 GMT
req-referer: https://pacificadvocate.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: e0025073a8ae45971f3af197994fe623
x-envoy-upstream-service-time: 89
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 4609705
x-served-by: cache-iad-kiad7000029-IAD, cache-iad-kjyo7100052-IAD, cache-lax10638-LGB, cache-iad-kcgs7200127-IAD, cache-bma1659-BMA
x-cache: MISS, HIT, HIT, HIT, HIT
x-cache-hits: 0, 1, 1, 5989, 1
x-timer: S1670057896.526165,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4dcae61741335c7a83abf136fe4b5ef9.jpg
x-vcl-time-ms: 1
content-length: 2680
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/FKF/1343562790__MXQq0Cuc.jpg
151.101.193.44200 OK 17 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/FKF/1343562790__MXQq0Cuc.jpg
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 6b340cb16201f3aeba290f99fd324de2
f969e4b070d67bf6947336160d7ea7703664e556
c9249c299756cfa8ca73b2b6e2faf9b6c1ac3b1c265a29c1993fdfcb95fe6030
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/FKF/1343562790__MXQq0Cuc.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 604581218713115417347316970314287167264,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 604581218713115417347316970314287167264,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
etag: "cd57e4f9f28b52579d496b3e3fbac088"
expiration: expiry-date="Fri, 21 Oct 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Tue, 20 Sep 2022 09:01:57 GMT
req-referer: https://www.middletownpress.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 79
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 4132519
x-served-by: cache-iad-kiad7000108-IAD, cache-iad-kcgs7200175-IAD, cache-lga21973-LGA, cache-iad-kjyo7100027-IAD, cache-bma1659-BMA
x-cache: HIT, HIT, MISS, HIT, HIT
x-cache-hits: 1, 4, 0, 49, 1
x-timer: S1670057896.526131,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/FKF/1343562790__MXQq0Cuc.jpg
x-vcl-time-ms: 1
content-length: 17020
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1067109326__i5Louzff.jpg
151.101.193.44200 OK 18 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1067109326__i5Louzff.jpg
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 93bb22685547b93e4bacd88db60e9970
7c31a82757680ab5de2ca0adbe59e38edfa166ff
45c4cc5ee6aeab1f03372b295de3edfa495711a4646ccac87efeedd3fbf504fe
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1067109326__i5Louzff.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 403205419503941504880473950173344994390,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 403205419503941504880473950173344994390,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
etag: "05e07b7d377f27fbaa43309197fae0fc"
last-modified: Fri, 23 Sep 2022 08:34:35 GMT
req-referer: https://www.herzindagi.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: bcfec54a47ca2cd7ef311b62c26ecf30
x-envoy-upstream-service-time: 107
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 6126500
x-served-by: cache-iad-kiad7000115-IAD, cache-iad-kjyo7100131-IAD, cache-lga21945-LGA, cache-iad-kjyo7100082-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, HIT, HIT, HIT
x-cache-hits: 0, 0, 1, 7, 1
x-timer: S1670057896.526189,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1067109326__i5Louzff.jpg
x-vcl-time-ms: 1
content-length: 18214
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/nmzQd8z/HybridCars.jpg
151.101.193.44200 OK 7.0 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/nmzQd8z/HybridCars.jpg
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 0fdc143e052900c4490aa6f798117b5b
b875de9d6309a3735e342e5dacabc633da6c20bc
78fa943a958ce3d6cebe31b0df05b8cc161476e86a1f37595bbe27f31d44ccc5
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/nmzQd8z/HybridCars.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 389772115782525208472606412026822934037,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 389772115782525208472606412026822934037,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
etag: "ac9bf38df6e68c3cd35f6ee5d3c75aaa"
last-modified: Sun, 16 Oct 2022 03:21:53 GMT
req-referer: https://article.auone.jp/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 241d46e5f107fcb6b830a99fdaa5a3ba
x-envoy-upstream-service-time: 318
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 3337017
x-served-by: cache-iad-kjyo7100161-IAD, cache-iad-kiad7000088-IAD, cache-bur-kbur8200159-BUR, cache-iad-kjyo7100020-IAD, cache-bma1659-BMA
x-cache: HIT, MISS, MISS, HIT, HIT
x-cache-hits: 1, 0, 0, 10, 1
x-timer: S1670057896.527533,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/nmzQd8z/HybridCars.jpg
x-vcl-time-ms: 1
content-length: 6972
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png
151.101.193.44200 OK 9.8 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 1cfb032751e5b844217ece66cfe92665
dd689708f1c7fd7a8383c6acb82fc314be6a922d
72319cf0a093db58b8c5e66755a48539973592f5b38d669266651f875a644265
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 487162476531458489843398520959864332831,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 487162476531458489843398520959864332831,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "b2437807220ef050d2a53a3d8c6d5c5b"
expiration: expiry-date="Sat, 24 Sep 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Wed, 24 Aug 2022 19:30:17 GMT
req-referer: https://weather.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 21
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 6362607
x-served-by: cache-iad-kjyo7100167-IAD, cache-iad-kjyo7100167-IAD, cache-bur-kbur8200179-BUR, cache-iad-kiad7000031-IAD, cache-bma1659-BMA
x-cache: MISS, HIT, HIT, HIT, HIT
x-cache-hits: 0, 3, 1, 60, 1
x-timer: S1670057896.526045,VS0,VE2
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png
x-vcl-time-ms: 2
content-length: 9812
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8c2d9cc1b6ed082b1a1c6bd064dbcf12.png
151.101.193.44200 OK 7.3 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8c2d9cc1b6ed082b1a1c6bd064dbcf12.png
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 9fd0d7b050575cf0ec779e9b88d84cda
064725046e149db62be96039b894f70d8b3562cd
2b68f8d0e34db66ffa0ebe451171dff000c4652a9df3658abcdc8b1c2254ada7
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8c2d9cc1b6ed082b1a1c6bd064dbcf12.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 428701243045603640453120565822597348905,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 428701243045603640453120565822597348905,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
etag: "b0b1d1bc63cf10b78224c1a33adadfd9"
expiration: expiry-date="Fri, 07 Oct 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Tue, 06 Sep 2022 09:16:17 GMT
req-referer: https://www.corriere.it/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 184
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 5197863
x-served-by: cache-iad-kjyo7100054-IAD, cache-iad-kiad7000142-IAD, cache-lga21966-LGA, cache-iad-kcgs7200096-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 2167, 1
x-timer: S1670057896.527451,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8c2d9cc1b6ed082b1a1c6bd064dbcf12.png
x-vcl-time-ms: 1
content-length: 7290
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png
151.101.193.44200 OK 3.7 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 06f469e087d762cfc4981210f1bb077e
972803ea7a61577ef9f49bd30b168ab3f0fc5458
031806cd041cd01cdf65daca7f44703ea483afbca19534f3902afc0047da3fd7
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 522386631016027178862069804243359678773,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 522386631016027178862069804243359678773,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "1bfa6c852c795aaa2c9c1d3dee5248c2"
last-modified: Wed, 30 Nov 2022 04:33:39 GMT
req-referer: https://ads.taboola.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 86618c822255d03566fa882bef8d6eda
x-envoy-upstream-service-time: 701
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 275076
x-served-by: cache-iad-kiad7000174-IAD, cache-iad-kiad7000091-IAD, cache-lga21931-LGA, cache-iad-kcgs7200092-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 35, 1
x-timer: S1670057896.527647,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png
x-vcl-time-ms: 1
content-length: 3668
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//thikj.com/content/44f75318-0ed9-458e-b3df-c26eca56196b
151.101.193.44200 OK 18 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//thikj.com/content/44f75318-0ed9-458e-b3df-c26eca56196b
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash b261b8b64e1cfa48eb580fc085ee4524
9b7a56f3d223e991026c7e3d09e2863063d5dcd1
ee75d123a1f230595d5a927468a90534d01c2321d0956a34fd8cfb3c26f3a76b
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//thikj.com/content/44f75318-0ed9-458e-b3df-c26eca56196b HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 296865200012153021629129550364907341594,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 296865200012153021629129550364907341594,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
etag: "379ea22c087d556578e17aa21979a8f4"
expiration: expiry-date="Tue, 22 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Sat, 22 Oct 2022 07:31:21 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 1674
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 3309878
x-served-by: cache-iad-kcgs7200131-IAD, cache-iad-kcgs7200045-IAD, cache-bur-kbur8200069-BUR, cache-iad-kiad7000177-IAD, cache-bma1659-BMA
x-cache: HIT, MISS, MISS, HIT, HIT
x-cache-hits: 1, 0, 0, 1, 1
x-timer: S1670057896.527507,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//thikj.com/content/44f75318-0ed9-458e-b3df-c26eca56196b
x-vcl-time-ms: 1
content-length: 18068
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6a33a7163b768f590848c698f93d41ea.jpg
151.101.193.44200 OK 6.6 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6a33a7163b768f590848c698f93d41ea.jpg
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash f2a6f1686f8ab3d3c2cd4d1563ef0b61
e1d34c0ecaf5eaa24e4933fef8749f73071125a6
ec413235a993862957d16745fb2c823f11fc4c9dd042441fb4485ea423517fbf
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6a33a7163b768f590848c698f93d41ea.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 593217246166900275987239473964143511484,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 593217246166900275987239473964143511484,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "a21ac07d1a9ac6eb257ff0dc8c1b451c"
expiration: expiry-date="Tue, 18 Oct 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Sat, 17 Sep 2022 23:55:31 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 154
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 4931721
x-served-by: cache-iad-kcgs7200089-IAD, cache-iad-kiad7000083-IAD, cache-lax10647-LGB, cache-iad-kcgs7200137-IAD, cache-bma1659-BMA
x-cache: MISS, HIT, MISS, HIT, HIT
x-cache-hits: 0, 1, 0, 65, 1
x-timer: S1670057896.527568,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6a33a7163b768f590848c698f93d41ea.jpg
x-vcl-time-ms: 1
content-length: 6564
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//1.bp.blogspot.com/-ltgWf-2UF64/W5bBfY8grUI/AAAAAAAAPeE/_DQ7pZHvNug87lHXLZA-RrmjLbxenVXowCLcBGAs/s1600/1-65.jpg
151.101.193.44200 OK 13 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//1.bp.blogspot.com/-ltgWf-2UF64/W5bBfY8grUI/AAAAAAAAPeE/_DQ7pZHvNug87lHXLZA-RrmjLbxenVXowCLcBGAs/s1600/1-65.jpg
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash b2c2ffe493bd0edd07a1addc5c9d83ff
6b8d26f54e3711dc27c69ef2892e6d6ea93801dc
131870281a006558cadb95e859f391ed2b290877e6e76c1354389239639afcbb
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//1.bp.blogspot.com/-ltgWf-2UF64/W5bBfY8grUI/AAAAAAAAPeE/_DQ7pZHvNug87lHXLZA-RrmjLbxenVXowCLcBGAs/s1600/1-65.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 626998414654207768775251811540747712995,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 626998414654207768775251811540747712995,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
etag: "3ecfdbc4c004b99c514fa95ea971bc90"
last-modified: Sun, 11 Sep 2022 04:15:50 GMT
req-referer: https://sports.ndtv.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: c6b7aba705060b5d0c9b92f10edb255c
x-envoy-upstream-service-time: 147
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 4547764
x-served-by: cache-iad-kiad7000123-IAD, cache-iad-kiad7000081-IAD, cache-bur-kbur8200170-BUR, cache-iad-kiad7000033-IAD, cache-bma1659-BMA
x-cache: MISS, HIT, HIT, HIT, HIT
x-cache-hits: 0, 1, 1, 98, 1
x-timer: S1670057896.527474,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//1.bp.blogspot.com/-ltgWf-2UF64/W5bBfY8grUI/AAAAAAAAPeE/_DQ7pZHvNug87lHXLZA-RrmjLbxenVXowCLcBGAs/s1600/1-65.jpg
x-vcl-time-ms: 1
content-length: 12826
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d628fda17c5e69e2dad15ebd23071bd5.jpg
151.101.193.44200 OK 7.5 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d628fda17c5e69e2dad15ebd23071bd5.jpg
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash b2355f630c00202ef0da4a6dccecf756
b0d3985492eb70a69c1d50dc87746267f4183dc2
a74c185fac95d0ca9736f70f065bdc69248b3bef62b2bdad65122a0a75042787
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d628fda17c5e69e2dad15ebd23071bd5.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 512515966045447238340819189393816696794,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 512515966045447238340819189393816696794,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "e4579c30f0871cf36780ef7fd8ff0890"
expiration: expiry-date="Mon, 07 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Fri, 07 Oct 2022 04:13:49 GMT
req-referer: https://telugucinema.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 77
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 2371304
x-served-by: cache-iad-kiad7000070-IAD, cache-iad-kcgs7200101-IAD, cache-sna10750-LGB, cache-iad-kjyo7100030-IAD, cache-bma1659-BMA
x-cache: MISS, HIT, MISS, HIT, HIT
x-cache-hits: 0, 1, 0, 32, 1
x-timer: S1670057896.527550,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d628fda17c5e69e2dad15ebd23071bd5.jpg
x-vcl-time-ms: 1
content-length: 7548
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//ettxf.com/content/c38a43db-85fe-4a74-a406-6bd4409e2d20
151.101.193.44200 OK 13 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//ettxf.com/content/c38a43db-85fe-4a74-a406-6bd4409e2d20
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2ae56d079adba0bcc4977d33685fe749
5d38a0f50940eed2ba0fedc64137481ca4e664d5
dd1357fa748005d3707c9eb33eb4388c33b76e58d453311cfff0d0a2748ec03d
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//ettxf.com/content/c38a43db-85fe-4a74-a406-6bd4409e2d20 HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 444593436489081238685764127687054956608,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 444593436489081238685764127687054956608,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "cf5492ce7c27089ecd2c0fc9ff256857"
expiration: expiry-date="Sun, 13 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Thu, 13 Oct 2022 03:42:07 GMT
req-referer: https://haraguro.napbizblog.jp/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 1053
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 2149933
x-served-by: cache-iad-kiad7000095-IAD, cache-iad-kcgs7200179-IAD, cache-chi-klot8100094-CHI, cache-iad-kcgs7200021-IAD, cache-bma1659-BMA
x-cache: MISS, HIT, MISS, HIT, HIT
x-cache-hits: 0, 1, 0, 1, 1
x-timer: S1670057896.527628,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//ettxf.com/content/c38a43db-85fe-4a74-a406-6bd4409e2d20
x-vcl-time-ms: 1
content-length: 13342
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/119eeaf0c34085edf0b929cedcb7e7cf.jpg
151.101.193.44200 OK 7.4 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/119eeaf0c34085edf0b929cedcb7e7cf.jpg
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash b1c9841a124abb7e6ba12e11b1d24198
737a4caf5bb90cbd3fd9b0828641477c43a731b8
113767dddad5879d00bdd851d2c04c0505d69544d63c4bdf5a59657eedc8555a
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/119eeaf0c34085edf0b929cedcb7e7cf.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 589121519206399478593719326984951023035,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 589121519206399478593719326984951023035,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "fcc6ba96ef9b63c4eff09c1652282c3f"
expiration: expiry-date="Thu, 13 Oct 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Mon, 12 Sep 2022 16:44:33 GMT
req-referer: https://weather.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 159
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 5153271
x-served-by: cache-iad-kcgs7200131-IAD, cache-iad-kcgs7200084-IAD, cache-lga21942-LGA, cache-iad-kjyo7100104-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 160, 1
x-timer: S1670057896.527611,VS0,VE13
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/119eeaf0c34085edf0b929cedcb7e7cf.jpg
x-vcl-time-ms: 13
content-length: 7422
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/next-up-widget.20221201-24-RELEASE.es6.js
151.101.193.44200 OK 4.6 kB URL HTTP/2 cdn.taboola.com/libtrc/next-up-widget.20221201-24-RELEASE.es6.js
IP 151.101.193.44:0
File type ASCII text, with very long lines (16595)
Hash 062b49e0f1e91cdb17b6964efaad040c
4fa60d2a03e9d688ecaeddd56d1fae55830c03db
ff29a6c270030647c18c7d958245b00116c54607d50e9dce1891ac314de76045
GET /libtrc/next-up-widget.20221201-24-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: NmkV8a6mDCbb5/d/14M4bc/rYWrNGgrDJ86HEOWfas8MGnhnYXxTLKZ7/fjcISadS/3YbG7Up18=
x-amz-request-id: QKSF1XG0Q978CF51
x-amz-replication-status: PENDING
last-modified: Thu, 01 Dec 2022 18:01:18 GMT
etag: "04caa4cde47837aa18470cb085ef65a1"
x-amz-version-id: UcURF1Ml7FUZ26FyLlhDWTm1mxwSetm4
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
via: 1.1 varnish
age: 15
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1670057896.614571,VS0,VE1
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 47
content-length: 4623
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d29f7d227eebb09606ad41e5193aa18c.png
151.101.193.44200 OK 9.4 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d29f7d227eebb09606ad41e5193aa18c.png
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash e20d1926c07edb17012a33a90ff1d663
010b0d6332903b3f5597ea38bc96466a56b80a60
012417c9eb0ab0b66385ecbdf7287ee37ee4910805e49e1005c3248244597eab
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d29f7d227eebb09606ad41e5193aa18c.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 330188181233421625896439828083131949610,388671775900320025315642327208943500211,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 330188181233421625896439828083131949610,388671775900320025315642327208943500211,29ecf9b93bbf306179626feeda1fab70
etag: "ed40967dd56ffed2e08619470755eb4a"
expiration: expiry-date="Sat, 29 Oct 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Wed, 28 Sep 2022 08:03:11 GMT
req-referer: https://d-42054797002294232028.ampproject.net/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 167
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 3302674
x-served-by: cache-iad-kiad7000064-IAD, cache-iad-kiad7000094-IAD, cache-bur-kbur8200132-BUR, cache-iad-kjyo7100104-IAD, cache-bma1659-BMA
x-cache: HIT, HIT, MISS, HIT, MISS
x-cache-hits: 1, 1, 0, 2, 0
x-timer: S1670057896.527496,VS0,VE96
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d29f7d227eebb09606ad41e5193aa18c.png
x-vcl-time-ms: 96
content-length: 9448
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/81bfaef3146b496bc5c4f73b9f9ed9a7.jpeg
151.101.193.44200 OK 58 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/81bfaef3146b496bc5c4f73b9f9ed9a7.jpeg
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash c5a66a2ddaa5bbe54f7c01da5f583698
e7047afc61f75390dc5f2fdf7af28a071937c21d
cba38cb371a5f5ebce4964007fbd5539bffb1df8bc64f6a21e22c47c1e1a6186
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/81bfaef3146b496bc5c4f73b9f9ed9a7.jpeg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 347421405159487881401166791228920074382,523272642140522660213979017363544863538,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 347421405159487881401166791228920074382,523272642140522660213979017363544863538,29ecf9b93bbf306179626feeda1fab70
etag: "d1da99c1313e8e7b35a6cde85aa6b3e6"
expiration: expiry-date="Fri, 04 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Tue, 04 Oct 2022 21:11:52 GMT
req-referer: https://www.youm7.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 154
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 3768896
x-served-by: cache-iad-kcgs7200074-IAD, cache-iad-kiad7000099-IAD, cache-chi-klot8100166-CHI, cache-iad-kcgs7200052-IAD, cache-bma1659-BMA
x-cache: MISS, HIT, HIT, HIT, MISS
x-cache-hits: 0, 1, 1, 152, 0
x-timer: S1670057896.526094,VS0,VE102
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/81bfaef3146b496bc5c4f73b9f9ed9a7.jpeg
x-vcl-time-ms: 102
content-length: 57728
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.2.146200 OK 8.8 kB URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.2.146:0
File type C source, ASCII text, with very long lines (29462)
Hash 4391de9cbbdb70ef0e6425deaf23e659
8110a5dac44a8a66d593c64fc40e5cded121b921
c8273b474187d5634038f71e3efd491af977d1e96bc5a41aa953a10dbe82bad2
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:14 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 768842
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
il-trc-events.taboola.com/downsub/log/3/abtests?route=AM:IL:V<i=aa_test_for_monitoring_ctrl&ri=a6a7a5ba4efa43a01c4735e9366f7a97&sd=v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ui=ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526&pi=/&wi=-4468348118777149555&pt=text&vi=1670057892391&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22taboola-vignette-before-load%22%2C%22eventTime%22%3A1670057893133%7D&tim=08%3A58%3A13.134&id=4930&llvl=2&cv=20221201-24-RELEASE&
185.106.33.48204 No Content 0 B URL HTTP/2 il-trc-events.taboola.com/downsub/log/3/abtests?route=AM:IL:V<i=aa_test_for_monitoring_ctrl&ri=a6a7a5ba4efa43a01c4735e9366f7a97&sd=v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ui=ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526&pi=/&wi=-4468348118777149555&pt=text&vi=1670057892391&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22taboola-vignette-before-load%22%2C%22eventTime%22%3A1670057893133%7D&tim=08%3A58%3A13.134&id=4930&llvl=2&cv=20221201-24-RELEASE&
IP 185.106.33.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /downsub/log/3/abtests?route=AM:IL:V<i=aa_test_for_monitoring_ctrl&ri=a6a7a5ba4efa43a01c4735e9366f7a97&sd=v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ui=ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526&pi=/&wi=-4468348118777149555&pt=text&vi=1670057892391&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22taboola-vignette-before-load%22%2C%22eventTime%22%3A1670057893133%7D&tim=08%3A58%3A13.134&id=4930&llvl=2&cv=20221201-24-RELEASE& HTTP/1.1
Host: il-trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Sat, 03 Dec 2022 08:58:15 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png
151.101.193.44200 OK 7.1 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 3c093ff5f4160192a545b9841753d879
727b43ed636ae7574e9882970ddc1ae14b9f3e64
2707266323a6857d235dac1dba8cd6d452d9746dea7b46f332afaedc738d0b3e
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 487162476531458489843398520959864332831,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 487162476531458489843398520959864332831,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
etag: "2b80cf8934a29dc7caeb0dc8b5733af0"
expiration: expiry-date="Sat, 12 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Wed, 12 Oct 2022 02:33:00 GMT
req-referer: https://nyheter2.se/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 876
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 2204207
x-served-by: cache-iad-kiad7000119-IAD, cache-iad-kiad7000117-IAD, cache-bur-kbur8200069-BUR, cache-iad-kjyo7100029-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 19, 1
x-timer: S1670057896.877116,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png
x-vcl-time-ms: 1
content-length: 7074
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png
151.101.193.44200 OK 3.0 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash b7476a0e9ecc35fca92eb6fa1a72c824
392797bfc658fdb17f0a34b61492e4f3d26c2eea
f7296e4922e97e7b47de567082ea0a93095b3801b975e9e6b012edb20ac4d75d
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 522386631016027178862069804243359678773,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 522386631016027178862069804243359678773,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
etag: "a11eed65f1b31f23e26540245d3ad75e"
last-modified: Wed, 30 Nov 2022 04:33:40 GMT
req-referer: https://philnews.ph/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: d31daabc15f3519b26784c7797daa6f2
x-envoy-upstream-service-time: 352
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 274417
x-served-by: cache-iad-kcgs7200026-IAD, cache-iad-kcgs7200144-IAD, cache-chi-klot8100156-CHI, cache-iad-kiad7000051-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 139, 1
x-timer: S1670057896.881289,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png
x-vcl-time-ms: 1
content-length: 2988
X-Firefox-Spdy: h2
il-trc-events.taboola.com/downsub/log/3/abtests?route=AM:IL:V<i=aa_test_for_monitoring_ctrl&ri=a6a7a5ba4efa43a01c4735e9366f7a97&sd=v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ui=ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526&pi=/&wi=-4468348118777149555&pt=text&vi=1670057892391&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22taboola-vignette-script-loaded%22%2C%22type%22%3A%22%7B%5C%22timeFromLoad%5C%22%3A4317%7D%22%2C%22eventTime%22%3A1670057893611%7D&tim=08%3A58%3A13.613&id=4945&llvl=2&cv=20221201-24-RELEASE&
185.106.33.48204 No Content 0 B URL HTTP/2 il-trc-events.taboola.com/downsub/log/3/abtests?route=AM:IL:V<i=aa_test_for_monitoring_ctrl&ri=a6a7a5ba4efa43a01c4735e9366f7a97&sd=v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ui=ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526&pi=/&wi=-4468348118777149555&pt=text&vi=1670057892391&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22taboola-vignette-script-loaded%22%2C%22type%22%3A%22%7B%5C%22timeFromLoad%5C%22%3A4317%7D%22%2C%22eventTime%22%3A1670057893611%7D&tim=08%3A58%3A13.613&id=4945&llvl=2&cv=20221201-24-RELEASE&
IP 185.106.33.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /downsub/log/3/abtests?route=AM:IL:V<i=aa_test_for_monitoring_ctrl&ri=a6a7a5ba4efa43a01c4735e9366f7a97&sd=v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ui=ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526&pi=/&wi=-4468348118777149555&pt=text&vi=1670057892391&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22taboola-vignette-script-loaded%22%2C%22type%22%3A%22%7B%5C%22timeFromLoad%5C%22%3A4317%7D%22%2C%22eventTime%22%3A1670057893611%7D&tim=08%3A58%3A13.613&id=4945&llvl=2&cv=20221201-24-RELEASE& HTTP/1.1
Host: il-trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Sat, 03 Dec 2022 08:58:15 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
il-trc-events.taboola.com/downsub/log/3/abtests?route=AM:IL:V<i=aa_test_for_monitoring_ctrl&ri=a6a7a5ba4efa43a01c4735e9366f7a97&sd=v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ui=ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526&pi=/&wi=-4468348118777149555&pt=text&vi=1670057892391&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22taboola-vignette-missed%22%2C%22type%22%3A%22%7B%5C%22missedReason%5C%22%3A%5C%22already%20have%20been%20displayed%20on%20session%5C%22%2C%5C%22displayInSession%5C%22%3A0%7D%22%2C%22eventTime%22%3A1670057893614%7D&tim=08%3A58%3A13.614&id=4778&llvl=2&cv=20221201-24-RELEASE&
185.106.33.48204 No Content 0 B URL HTTP/2 il-trc-events.taboola.com/downsub/log/3/abtests?route=AM:IL:V<i=aa_test_for_monitoring_ctrl&ri=a6a7a5ba4efa43a01c4735e9366f7a97&sd=v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ui=ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526&pi=/&wi=-4468348118777149555&pt=text&vi=1670057892391&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22taboola-vignette-missed%22%2C%22type%22%3A%22%7B%5C%22missedReason%5C%22%3A%5C%22already%20have%20been%20displayed%20on%20session%5C%22%2C%5C%22displayInSession%5C%22%3A0%7D%22%2C%22eventTime%22%3A1670057893614%7D&tim=08%3A58%3A13.614&id=4778&llvl=2&cv=20221201-24-RELEASE&
IP 185.106.33.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /downsub/log/3/abtests?route=AM:IL:V<i=aa_test_for_monitoring_ctrl&ri=a6a7a5ba4efa43a01c4735e9366f7a97&sd=v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ui=ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526&pi=/&wi=-4468348118777149555&pt=text&vi=1670057892391&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22taboola-vignette-missed%22%2C%22type%22%3A%22%7B%5C%22missedReason%5C%22%3A%5C%22already%20have%20been%20displayed%20on%20session%5C%22%2C%5C%22displayInSession%5C%22%3A0%7D%22%2C%22eventTime%22%3A1670057893614%7D&tim=08%3A58%3A13.614&id=4778&llvl=2&cv=20221201-24-RELEASE& HTTP/1.1
Host: il-trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Sat, 03 Dec 2022 08:58:15 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c770ed8e1043091817cf67c2338116d2
eb799e23dbf7d7fd82d63ec0220007e5b8196e48
addff025294dc6a89ff5f686910eb51ba8791c40f50b1c6b63ddc4c8db5808cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ADDFF025294DC6A89FF5F686910EB51BA8791C40F50B1C6B63DDC4C8DB5808CF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3646
Expires: Sat, 03 Dec 2022 09:59:01 GMT
Date: Sat, 03 Dec 2022 08:58:15 GMT
Connection: keep-alive
soldierreproduceadmiration.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTuIlHkQxBw%2FKHDwouLPdM90700YIxhiJrtmQRBe81a%2BerUx1V1PVPT1ZPAQDISDCeNJj75tNFk0Q8wcIMutFFoQdD7IH15t4FSFnmdmB0e9Q3%2FfqfYf3XtW9nfKY%2BCjp0bUPzbbSmq5GTb%2Fx2qbKhKlc4%2BrNRuA3%2FfONTZWthecbw9lhB28GftT0X2%2B8J3nfrLb8wPcDP2hcVlYmZrg6Z6Hyx3HQjP1m2GoGUYih%2FT92pQdHPYjBMXkBSkyf2fr5CRSfIEu%2FvyRdvzD5G%2B%2BmpaaFsRiIvY%2ByfmaqDOlyTKyHJNtbbMO4KSFfn4LJ9hYOYAa7Mwdgakq83wKwbG8hE2zw4EQp05AZmHgW1WACqSdQdAJu7kKJQwJwgasbyNKHV42t6O0Tls7YKTnz9B%2BoakrO%2FP4isvS7i1oNGzeMLgtlModhUkMNJ1C9CfJyH8W2B1XtgxefQYlfyOrTdWTp7obTBkocvRoHSTfmcm2lHVJ%2FJYyDYIUlCVuJ2mErjtprUYexeURKTaCSCbQcgbpTKJ2HUnkoEw9l7iEVRw0axYnvdxKWtNvdkHPebnMedddEJNphN%2FFR8pmHEYp8BK5H4PYOcnsHfTWCLX%2BE26rhhAdXEAxEjUoSVI6gogSVIqgKgmpQPxDatVz9UGhXsmDRW4versem6O3QB6boyYzs5Mfk%2BXlwf7%2FF0ZdHDSFlmLTCKKIsbAseJ2FIo6TVTTj3RSI7cKqGcqdAnYdtNSXn7m0iV4e31sHoPpzeB1fnQMuXQatxp%2BWDbo3Dro%2Ft7JEwVeZK1uQmhTA18uIMitvejj4mL81FxH%2BeheQHF776YuOP8%2BITcFsjtzVuqZ8Ievr%2B%2BLqpyO51UznyZCMvVKq26exlbxS0kKe%2F%2FUDerowVVy650Tdv8xkxGx%2FflK5Yp5lQWc%2BRRxeVENJeNpZL8sMVtynZtdJtXSxtVubr1965fCXNrXROmWwCqg4%2F%2FhRcTclZ25%2F%2F2Vf%2Beh%2FKTmDLGml5QBYFZSbg%2BR24fKneGQKrlzss91CV9di22PJSKwItl5iyGu4%2FmC3nHXcfPeuBFneRpTUGtsZA16B6BFeeHhe5Pbjwa3teYNobM229Xaat%2FvIkWqeOGjJK%2FET6LcmSmCUd6os4CWNG40B2WEQDFG7KP39u718AAAD%2F%2FwEAAP%2F%2FwT%2B5%2FIsEAAA%3D
173.233.137.36200 OK 7 B URL HTTP/1.1 soldierreproduceadmiration.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTuIlHkQxBw%2FKHDwouLPdM90700YIxhiJrtmQRBe81a%2BerUx1V1PVPT1ZPAQDISDCeNJj75tNFk0Q8wcIMutFFoQdD7IH15t4FSFnmdmB0e9Q3%2FfqfYf3XtW9nfKY%2BCjp0bUPzbbSmq5GTb%2Fx2qbKhKlc4%2BrNRuA3%2FfONTZWthecbw9lhB28GftT0X2%2B8J3nfrLb8wPcDP2hcVlYmZrg6Z6Hyx3HQjP1m2GoGUYih%2FT92pQdHPYjBMXkBSkyf2fr5CRSfIEu%2FvyRdvzD5G%2B%2BmpaaFsRiIvY%2ByfmaqDOlyTKyHJNtbbMO4KSFfn4LJ9hYOYAa7Mwdgakq83wKwbG8hE2zw4EQp05AZmHgW1WACqSdQdAJu7kKJQwJwgasbyNKHV42t6O0Tls7YKTnz9B%2BoakrO%2FP4isvS7i1oNGzeMLgtlModhUkMNJ1C9CfJyH8W2B1XtgxefQYlfyOrTdWTp7obTBkocvRoHSTfmcm2lHVJ%2FJYyDYIUlCVuJ2mErjtprUYexeURKTaCSCbQcgbpTKJ2HUnkoEw9l7iEVRw0axYnvdxKWtNvdkHPebnMedddEJNphN%2FFR8pmHEYp8BK5H4PYOcnsHfTWCLX%2BE26rhhAdXEAxEjUoSVI6gogSVIqgKgmpQPxDatVz9UGhXsmDRW4versem6O3QB6boyYzs5Mfk%2BXlwf7%2FF0ZdHDSFlmLTCKKIsbAseJ2FIo6TVTTj3RSI7cKqGcqdAnYdtNSXn7m0iV4e31sHoPpzeB1fnQMuXQatxp%2BWDbo3Dro%2Ft7JEwVeZK1uQmhTA18uIMitvejj4mL81FxH%2BeheQHF776YuOP8%2BITcFsjtzVuqZ8Ievr%2B%2BLqpyO51UznyZCMvVKq26exlbxS0kKe%2F%2FUDerowVVy650Tdv8xkxGx%2FflK5Yp5lQWc%2BRRxeVENJeNpZL8sMVtynZtdJtXSxtVubr1965fCXNrXROmWwCqg4%2F%2FhRcTclZ25%2F%2F2Vf%2Beh%2FKTmDLGml5QBYFZSbg%2BR24fKneGQKrlzss91CV9di22PJSKwItl5iyGu4%2FmC3nHXcfPeuBFneRpTUGtsZA16B6BFeeHhe5Pbjwa3teYNobM229Xaat%2FvIkWqeOGjJK%2FET6LcmSmCUd6os4CWNG40B2WEQDFG7KP39u718AAAD%2F%2FwEAAP%2F%2FwT%2B5%2FIsEAAA%3D
IP 173.233.137.36:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTuIlHkQxBw%2FKHDwouLPdM90700YIxhiJrtmQRBe81a%2BerUx1V1PVPT1ZPAQDISDCeNJj75tNFk0Q8wcIMutFFoQdD7IH15t4FSFnmdmB0e9Q3%2FfqfYf3XtW9nfKY%2BCjp0bUPzbbSmq5GTb%2Fx2qbKhKlc4%2BrNRuA3%2FfONTZWthecbw9lhB28GftT0X2%2B8J3nfrLb8wPcDP2hcVlYmZrg6Z6Hyx3HQjP1m2GoGUYih%2FT92pQdHPYjBMXkBSkyf2fr5CRSfIEu%2FvyRdvzD5G%2B%2BmpaaFsRiIvY%2ByfmaqDOlyTKyHJNtbbMO4KSFfn4LJ9hYOYAa7Mwdgakq83wKwbG8hE2zw4EQp05AZmHgW1WACqSdQdAJu7kKJQwJwgasbyNKHV42t6O0Tls7YKTnz9B%2BoakrO%2FP4isvS7i1oNGzeMLgtlModhUkMNJ1C9CfJyH8W2B1XtgxefQYlfyOrTdWTp7obTBkocvRoHSTfmcm2lHVJ%2FJYyDYIUlCVuJ2mErjtprUYexeURKTaCSCbQcgbpTKJ2HUnkoEw9l7iEVRw0axYnvdxKWtNvdkHPebnMedddEJNphN%2FFR8pmHEYp8BK5H4PYOcnsHfTWCLX%2BE26rhhAdXEAxEjUoSVI6gogSVIqgKgmpQPxDatVz9UGhXsmDRW4versem6O3QB6boyYzs5Mfk%2BXlwf7%2FF0ZdHDSFlmLTCKKIsbAseJ2FIo6TVTTj3RSI7cKqGcqdAnYdtNSXn7m0iV4e31sHoPpzeB1fnQMuXQatxp%2BWDbo3Dro%2Ft7JEwVeZK1uQmhTA18uIMitvejj4mL81FxH%2BeheQHF776YuOP8%2BITcFsjtzVuqZ8Ievr%2B%2BLqpyO51UznyZCMvVKq26exlbxS0kKe%2F%2FUDerowVVy650Tdv8xkxGx%2FflK5Yp5lQWc%2BRRxeVENJeNpZL8sMVtynZtdJtXSxtVubr1965fCXNrXROmWwCqg4%2F%2FhRcTclZ25%2F%2F2Vf%2Beh%2FKTmDLGml5QBYFZSbg%2BR24fKneGQKrlzss91CV9di22PJSKwItl5iyGu4%2FmC3nHXcfPeuBFneRpTUGtsZA16B6BFeeHhe5Pbjwa3teYNobM229Xaat%2FvIkWqeOGjJK%2FET6LcmSmCUd6os4CWNG40B2WEQDFG7KP39u718AAAD%2F%2FwEAAP%2F%2FwT%2B5%2FIsEAAA%3D HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Cookie: u_pl=15809635; uid_id2=91f89ce6-34a0-4911-bffb-5342953657bb:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Dec 2022 08:58:15 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f0ab2ba524c5d94095977d02fb2aef76
Strict-Transport-Security: max-age=0; includeSubdomains
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d628fda17c5e69e2dad15ebd23071bd5.jpg
151.101.193.44200 OK 9.0 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d628fda17c5e69e2dad15ebd23071bd5.jpg
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash e7b398c7c3e63b897c375ca79bb0ba68
589c1d2a345cf4000042f6fc89a223094807ec6a
043b142cb8b59f326625ff06a9e657db927e5c0aa869bde71a34b68bb9c1f0fa
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d628fda17c5e69e2dad15ebd23071bd5.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 512515966045447238340819189393816696794,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 512515966045447238340819189393816696794,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
etag: "7f483343d26721703206d2bddae5c18c"
expiration: expiry-date="Mon, 12 Dec 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Fri, 11 Nov 2022 05:35:47 GMT
req-referer: https://www.espn.com.ar/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 116
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
age: 1027346
x-served-by: cache-iad-kiad7000068-IAD, cache-iad-kcgs7200113-IAD, cache-chi-klot8100163-CHI, cache-iad-kcgs7200146-IAD, cache-bma1659-BMA
x-cache: HIT, MISS, MISS, HIT, HIT
x-cache-hits: 1, 0, 0, 211, 1
x-timer: S1670057896.021530,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d628fda17c5e69e2dad15ebd23071bd5.jpg
x-vcl-time-ms: 1
content-length: 8978
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/a6cb1edf-85ae-42d3-8ce3-0c3ef2d08771/e7f45685-f8e7-43ed-9fb1-7a46ecb08f47_1000x600_5f632f9dfaf05a4bfb15f40f5758a0f4.png
151.101.193.44200 OK 6.5 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/a6cb1edf-85ae-42d3-8ce3-0c3ef2d08771/e7f45685-f8e7-43ed-9fb1-7a46ecb08f47_1000x600_5f632f9dfaf05a4bfb15f40f5758a0f4.png
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 420d40a00403a76079dee4e09223cea6
43f1e310ce333086230f750c8167eae90d44dc99
ee31aa90e19c5a01223ffcb73c18c85bd60d80ed16634baa07b42e3a95c05b53
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/a6cb1edf-85ae-42d3-8ce3-0c3ef2d08771/e7f45685-f8e7-43ed-9fb1-7a46ecb08f47_1000x600_5f632f9dfaf05a4bfb15f40f5758a0f4.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 457835312966956032668230324825673620138,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 457835312966956032668230324825673620138,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
etag: "2f750790e458d690a5918a37821959d9"
expiration: expiry-date="Wed, 23 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Sun, 23 Oct 2022 18:24:33 GMT
req-referer: https://games.espn.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 231
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
age: 1530583
x-served-by: cache-iad-kiad7000107-IAD, cache-iad-kcgs7200129-IAD, cache-bur-kbur8200048-BUR, cache-iad-kjyo7100087-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 7, 1
x-timer: S1670057896.021645,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/a6cb1edf-85ae-42d3-8ce3-0c3ef2d08771/e7f45685-f8e7-43ed-9fb1-7a46ecb08f47_1000x600_5f632f9dfaf05a4bfb15f40f5758a0f4.png
x-vcl-time-ms: 1
content-length: 6504
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//ettxf.com/content/c38a43db-85fe-4a74-a406-6bd4409e2d20
151.101.193.44200 OK 36 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//ettxf.com/content/c38a43db-85fe-4a74-a406-6bd4409e2d20
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 9e6a6d966dbafbeb152d03ab1d131db9
b6de5947c42cc3e9f551284e4d277a2db2a9ea87
9d52fd5799a8336458363f0f294c31a212c12c9400a74514deaeadac73d2c046
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//ettxf.com/content/c38a43db-85fe-4a74-a406-6bd4409e2d20 HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 444593436489081238685764127687054956608,388671775900320025315642327208943500211,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 444593436489081238685764127687054956608,388671775900320025315642327208943500211,29ecf9b93bbf306179626feeda1fab70
etag: "070c3456daa1950e8e8408cbad0acb35"
last-modified: Fri, 28 Oct 2022 21:06:59 GMT
req-referer: https://www.msnbc.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 82230864f5bc9b5d02b16bd095d73921
x-envoy-upstream-service-time: 2121
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
age: 1469588
x-served-by: cache-iad-kcgs7200069-IAD, cache-iad-kiad7000126-IAD, cache-bur-kbur8200026-BUR, cache-iad-kiad7000059-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 1, 1
x-timer: S1670057896.021752,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//ettxf.com/content/c38a43db-85fe-4a74-a406-6bd4409e2d20
x-vcl-time-ms: 1
content-length: 36524
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//rdytz.com/content/d944321b-b1bd-4d27-975a-67c377c9de4f
151.101.193.44200 OK 33 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//rdytz.com/content/d944321b-b1bd-4d27-975a-67c377c9de4f
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash af48c5f8166d249bd7e5d0d8d196760a
e100bebcfbeee1831a52e54f87c7280a715ef4c3
64eaba2ff0d69dc897d35248a25a9234ae7f5564cd69c98a0da3eefa64199d57
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//rdytz.com/content/d944321b-b1bd-4d27-975a-67c377c9de4f HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 299145319762250653543709887277864577918,388671775900320025315642327208943500211,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 299145319762250653543709887277864577918,388671775900320025315642327208943500211,29ecf9b93bbf306179626feeda1fab70
etag: "926da3a2aa4eb13096bb9fe94b0f42ed"
last-modified: Mon, 28 Nov 2022 18:12:52 GMT
req-referer: https://www.msnbc.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 8be79c356322ec788293e1908bc729c0
x-envoy-upstream-service-time: 1674
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
age: 68647
x-served-by: cache-iad-kcgs7200051-IAD, cache-iad-kcgs7200132-IAD, cache-lga21926-LGA, cache-iad-kjyo7100119-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 1, 1
x-timer: S1670057896.021837,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//rdytz.com/content/d944321b-b1bd-4d27-975a-67c377c9de4f
x-vcl-time-ms: 1
content-length: 32650
X-Firefox-Spdy: h2
am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&cmcv=&pix=31589837&cb=1670057894019&uv=3245&tms=1670057894019&abt=amplean_vD!ufm_vD&ft=0&su=3&unm=FEED_MANAGER&debug=pn:!sqg:!torgn:1670057888552!ts:1670057894019&mntl=1
141.226.228.48200 OK 0 B URL HTTP/2 am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&cmcv=&pix=31589837&cb=1670057894019&uv=3245&tms=1670057894019&abt=amplean_vD!ufm_vD&ft=0&su=3&unm=FEED_MANAGER&debug=pn:!sqg:!torgn:1670057888552!ts:1670057894019&mntl=1
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&cmcv=&pix=31589837&cb=1670057894019&uv=3245&tms=1670057894019&abt=amplean_vD!ufm_vD&ft=0&su=3&unm=FEED_MANAGER&debug=pn:!sqg:!torgn:1670057888552!ts:1670057894019&mntl=1 HTTP/1.1
Host: am-vid-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 08:58:16 GMT
content-length: 0
X-Firefox-Spdy: h2
vidstat.taboola.com/vpaid/units/32_4_5/assets/css/cmOsUnit.css
151.101.193.44200 OK 8.3 kB URL HTTP/2 vidstat.taboola.com/vpaid/units/32_4_5/assets/css/cmOsUnit.css
IP 151.101.193.44:0
Hash a28320a69408adba1f01f56d6eb80708
8012c7108fab547cf31481cfda7cb49e654a0542
befbb274b7045e7e5791a4badbe46e1a2e367e6570da7cd0ac127acc4b8e8991
GET /vpaid/units/32_4_5/assets/css/cmOsUnit.css HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: Bf8dw0NjA07TfpEMmKBaL+UFJWQuALEo7owO+vyJS0Z7+UM4VbN5qXqenI+jCaBsTF8hL6tqRMY=
x-amz-request-id: 89SNZ5N6GV47VA34
last-modified: Mon, 28 Nov 2022 10:07:46 GMT
etag: "a28320a69408adba1f01f56d6eb80708"
x-amz-meta-ctime: 1669630065
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1669630064
content-type: text/css
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
via: 1.1 varnish
age: 427736
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 106392
x-timer: S1670057896.130888,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 8297
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7007a042a79310c8938c279ae7eec8e5
8b72d7da27205ce31ff5497ba5428808a498dd7e
8188a5b1208fea4f2bdb97e404aefeb04a89ad62bc16ba2512e3a660b68b67af
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8188A5B1208FEA4F2BDB97E404AEFEB04A89AD62BC16BA2512E3A660B68B67AF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4051
Expires: Sat, 03 Dec 2022 10:05:47 GMT
Date: Sat, 03 Dec 2022 08:58:16 GMT
Connection: keep-alive
soldierreproduceadmiration.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe1%2F6f%2Fbb%2Fe16fbbe9f31c82c23d1d57f9726b5fc7%2F1654616215.html&l=1038&fd=132
173.233.137.36200 OK 0 B URL HTTP/1.1 soldierreproduceadmiration.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe1%2F6f%2Fbb%2Fe16fbbe9f31c82c23d1d57f9726b5fc7%2F1654616215.html&l=1038&fd=132
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe1%2F6f%2Fbb%2Fe16fbbe9f31c82c23d1d57f9726b5fc7%2F1654616215.html&l=1038&fd=132 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Cookie: u_pl=15809635; uid_id2=91f89ce6-34a0-4911-bffb-5342953657bb:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/img/close.png
172.64.109.13200 OK 2.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/img/close.png
IP 172.64.109.13:0
File type PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced\012- data
Hash 2cecae5111d5ff932a996679215ad573
f4c63abb5dc373aba5bc144c3831d98516cc7cc9
31f6aad6a88eca32f245dc6d0e030ef422f306b4f8479855b30e59b6dc134ebc
GET /sb/ssp/in-page_push/os/android/2/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: image/png
content-length: 2005
last-modified: Wed, 11 May 2022 09:01:03 GMT
etag: "627b7b4f-7d5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1537602
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TrOyP5IUw6NNs%2F8PGYRjp%2BMiH88DQ2qdH8ToN3UB0c9K6A7c8i8JhYuF8gBmqkWp1v%2BW58j84hNF22xk%2FOqzHnMuZ7QPm1zQ9R9u%2FQNaAeRECZk6ZS3%2B%2FhRzUaRAXctRy5WngJ1M92N2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773b197b2e0776d2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/js/script.js
172.64.109.13200 OK 142 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/js/script.js
IP 172.64.109.13:0
Size 142 kB (142425 bytes)
Hash 212187a50bea4f6bc6dba7af57d0fe13
3e4aeae75aadcb659371eec3cb747b71ee9fb1ef
a334599eb1baa17f64e6e22ed7942256d1557362012eca2f2b77155498dc51df
GET /sb/ssp/in-page_push/os/android/2/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: application/javascript
last-modified: Wed, 11 May 2022 09:01:04 GMT
etag: W/"627b7b50-194"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1536287
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=taFzWaZUt3IexNIarWO%2BMwwVVi9ps5A9yKcrej5qUDyf8iFl2wFO4UgicroMil%2FHKk4kNch0BLx4BnZbDAgnTBMgKklmjQN5PeSDlo0tEKVW2ZTs2wzXzhJhcG0a0PlddY7HQ3HX1ODb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773b197b2e1976d2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/css/style.css
172.64.109.13200 OK 1.7 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/css/style.css
IP 172.64.109.13:0
Hash ecaeaf5986be05dbafbe81dfd1ee6dd6
9c33d97715e4bb9982848ac49e167bbbffa2d89d
124bf164787087010239d30ce5d67db00c0fcdaf5cb95817b1a99fcbfbd2c6e3
GET /sb/ssp/in-page_push/os/android/2/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: text/css
last-modified: Wed, 11 May 2022 09:01:01 GMT
etag: W/"627b7b4d-126c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1536287
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b%2BujtKDi8LQqaVqdepUZsY2x0y7xRVYSckKYjZH6oy5NYeaA9wB4moINphW0%2BcyTFepRljw7y73ZgZxY6nCdxgi7ErIa%2BPgzEXtp0DeKueXns1PfaYXPbFqPndkmTbuYwgJLkwTPGDcl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773b197b2df676d2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.106200 OK 1.0 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.106:0
Hash b41923bd7bb50028b091e7cb25edc858
81c8661baa46e5b6e9284e00c8c7d1c6b7d5b4ab
9caf04bad80cbda489056bbbf99c2c604a51b7fd38114a5f149e284f1fc70aca
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Dec 2022 08:58:16 GMT
date: Sat, 03 Dec 2022 08:58:16 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3c0282fb1989711e4a48dce935bf7813
30bed8a42fc820e4feb64bd22ddfefe120889014
81e304f070d6b7aa4dc67c727523578cd18a665a5cfe674a3b1391f3f39fc11a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "81E304F070D6B7AA4DC67C727523578CD18A665A5CFE674A3B1391F3F39FC11A"
Last-Modified: Thu, 01 Dec 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11414
Expires: Sat, 03 Dec 2022 12:08:30 GMT
Date: Sat, 03 Dec 2022 08:58:16 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 98fe7e5fd6b778bcdcc63028c3a49fbd
06b34160c344526fbe14ce41445b9fe76c0a878d
d45d898dfe5bf1151557bbbc3be6e6878fbadce386136d60777b4464199173a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7248e1dacafd3d9f50bd21ca11f2ce94
a573e4caa15e0d8411fa279b7e4bb7774e63e95f
dfe6f32c6acc58306d9e61008bebf9e678d12e73c1568ed6798a8180496a21c0
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5201
Cache-Control: max-age=146488
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:16 GMT
Etag: "638a948f-1d7"
Expires: Mon, 05 Dec 2022 01:39:44 GMT
Last-Modified: Sat, 03 Dec 2022 00:13:03 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=a031f649-72e8-11ed-a89e-1626150c0106; expires=Sat, 31-Dec-2022 08:58:16 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a031f68f-72e8-11ed-a89e-1626150c0106
X-fe: 137
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a031f68f-72e8-11ed-a89e-1626150c0106
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a031f68f-72e8-11ed-a89e-1626150c0106
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a031f68f-72e8-11ed-a89e-1626150c0106 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=a0365256-72e8-11ed-8281-13ae17dc0306; expires=Sat, 31-Dec-2022 08:58:16 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 43
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1387958415__apx95bYE.jpg
151.101.193.44200 OK 5.8 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1387958415__apx95bYE.jpg
IP 151.101.193.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash bf5eb3d06f142c30b43a9e7fcf92fb8e
fd94cbb17e21d7183d9777ecf52e6c040a720749
6268f10f33dd8e32e9c067bb161749581e615dc34e6ac9c6c37d46396db00e1c
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1387958415__apx95bYE.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 537101312646517812208096803579514386811,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 537101312646517812208096803579514386811,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
etag: "cc4058ba19aec1738b66dc1567b498fd"
last-modified: Fri, 02 Dec 2022 10:16:35 GMT
req-referer: https://downsub.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 0f29791686d5b41e2b933b8adaf8cc54
x-envoy-upstream-service-time: 452
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
age: 0
x-served-by: cache-iad-kiad7000080-IAD, cache-iad-kjyo7100086-IAD, cache-bur-kbur8200067-BUR, cache-iad-kiad7000094-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, MISS, MISS
x-cache-hits: 0, 0, 0, 0, 0
x-timer: S1670057896.880256,VS0,VE606
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1387958415__apx95bYE.jpg
x-vcl-time-ms: 606
content-length: 5776
X-Firefox-Spdy: h2
trc.taboola.com/downsub/log/3/visible?route=IL%3AIL%3AV<i=aa_test_for_monitoring_ctrl
151.101.193.44204 No Content 0 B URL HTTP/2 trc.taboola.com/downsub/log/3/visible?route=IL%3AIL%3AV<i=aa_test_for_monitoring_ctrl
IP 151.101.193.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /downsub/log/3/visible?route=IL%3AIL%3AV<i=aa_test_for_monitoring_ctrl HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2462
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://downsub.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670057896.410332,VS0,VE91
x-vcl-time-ms: 91
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/css/animate.css
172.64.109.13200 OK 4.8 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/css/animate.css
IP 172.64.109.13:0
Hash 21eb7a65c17a2c22ba104a7ecbf1dc0f
ea8c53be54889c7489aed04e30e3eb83af64dec9
090bd9ceb9a58da038e5ed4a39dfbb63ece49ed4f4f0656ce35f7faa41a3b237
GET /sb/ssp/in-page_push/os/android/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: text/css
last-modified: Wed, 11 May 2022 09:01:02 GMT
etag: W/"627b7b4e-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1536287
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kFrGkChpgjYdnTMy%2BM6rZriO2FVIlAYFOYUC%2B0CVSuSx0QprIqFYE8eC%2FN9ZukWOwDO9APfCJVamV%2BALNsHpPZDsoDcGvGjNrjc%2FTq0H10ZAIxlNbOTQJk0uU95Gw%2FTMCymHKfJN1fL6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773b197b1de676d2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
soldierreproduceadmiration.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fin-page_push%2Fos%2Fandroid%2F2%2Fcss%2Fanimate.css&l=79245&fd=137
173.233.137.36200 OK 0 B URL HTTP/1.1 soldierreproduceadmiration.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fin-page_push%2Fos%2Fandroid%2F2%2Fcss%2Fanimate.css&l=79245&fd=137
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fin-page_push%2Fos%2Fandroid%2F2%2Fcss%2Fanimate.css&l=79245&fd=137 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Cookie: u_pl=15809635; uid_id2=91f89ce6-34a0-4911-bffb-5342953657bb:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
soldierreproduceadmiration.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fin-page_push%2Fos%2Fandroid%2F2%2Fcss%2Fstyle.css&l=4716&fd=140
173.233.137.36200 OK 0 B URL HTTP/1.1 soldierreproduceadmiration.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fin-page_push%2Fos%2Fandroid%2F2%2Fcss%2Fstyle.css&l=4716&fd=140
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fin-page_push%2Fos%2Fandroid%2F2%2Fcss%2Fstyle.css&l=4716&fd=140 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Cookie: u_pl=15809635; uid_id2=91f89ce6-34a0-4911-bffb-5342953657bb:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
trc.taboola.com/downsub/log/3/bulk?route=AM%3AIL%3AV<i=aa_test_for_monitoring_ctrl&bulkSize=14
151.101.193.44204 No Content 0 B URL HTTP/2 trc.taboola.com/downsub/log/3/bulk?route=AM%3AIL%3AV<i=aa_test_for_monitoring_ctrl&bulkSize=14
IP 151.101.193.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /downsub/log/3/bulk?route=AM%3AIL%3AV<i=aa_test_for_monitoring_ctrl&bulkSize=14 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 26824
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://downsub.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670057896.419807,VS0,VE113
x-vcl-time-ms: 113
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash c0d527b1f9c1f1b14bdb24cd17590f7e
a05a6208c7e1083466a163009e10485973943a9b
a5b54b6861b3ece64f191b7c3921c6d2695418f41fc1a9a20106887a301a2e54
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Wed, 07 Dec 2022 07:18:16 GMT
ETag: "a05a6208c7e1083466a163009e10485973943a9b"
Last-Modified: Sat, 03 Dec 2022 07:18:17 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2795
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 773b197d6f94fac0-OSL
cdn.cloudimagesb.com/si/89/9f/8a/899f8a5bb7132795d339610f52f16dad/1667589937.png
45.133.44.9200 OK 70 B URL HTTP/2 cdn.cloudimagesb.com/si/89/9f/8a/899f8a5bb7132795d339610f52f16dad/1667589937.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /si/89/9f/8a/899f8a5bb7132795d339610f52f16dad/1667589937.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: image/png
content-length: 32763
server: nginx/1.17.6
last-modified: Fri, 04 Nov 2022 19:25:45 GMT
etag: "63656739-7ffb"
expires: Mon, 05 Dec 2022 08:58:16 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=a06101c5-72e8-11ed-943c-1586fee60506; expires=Sat, 31-Dec-2022 08:58:16 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a0610203-72e8-11ed-943c-1586fee60506
X-fe: 44
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
soldierreproduceadmiration.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fin-page_push%2Fos%2Fandroid%2F2%2Fjs%2Fscript.js&l=404&fd=143
173.233.137.36200 OK 0 B URL HTTP/1.1 soldierreproduceadmiration.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fin-page_push%2Fos%2Fandroid%2F2%2Fjs%2Fscript.js&l=404&fd=143
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fin-page_push%2Fos%2Fandroid%2F2%2Fjs%2Fscript.js&l=404&fd=143 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Cookie: u_pl=15809635; uid_id2=91f89ce6-34a0-4911-bffb-5342953657bb:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=a064bce3-72e8-11ed-a8ca-182a6e990106; expires=Sat, 31-Dec-2022 08:58:16 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a064bd28-72e8-11ed-a8ca-182a6e990106
X-fe: 133
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 65b6e83c9cef41c312b3139d3b2514c4
04cc6429df7a02c9de47b07513dae643b5b0f911
6301ef8cf37410e579b623326e81766070ac7c9ef40a03b968577637a914490b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 03 Dec 2022 08:58:16 GMT
Last-Modified: Sat, 03 Dec 2022 07:25:19 GMT
Server: ECS (bsa/EB13)
X-Cache: Miss from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: h4OUocNtribyFVipHnkmXB9LV8Vv4ALSkAwn6DvZeq8gqa6bZ4OTtQ==
Age: 5577
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a0610203-72e8-11ed-943c-1586fee60506
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a0610203-72e8-11ed-943c-1586fee60506
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a0610203-72e8-11ed-943c-1586fee60506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=a06b82c6-72e8-11ed-8742-14684a3a0106; expires=Sat, 31-Dec-2022 08:58:16 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 117
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
soldierreproduceadmiration.com/pixel/sbs?c=1
173.233.137.36200 OK 0 B URL HTTP/1.1 soldierreproduceadmiration.com/pixel/sbs?c=1
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Cookie: u_pl=15809635; uid_id2=91f89ce6-34a0-4911-bffb-5342953657bb:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://downsub.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 221062
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
am-match.taboola.com/sync?dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&excid=22&docw=0&cijs=1&nlb=false
141.226.228.48200 OK 749 B URL HTTP/2 am-match.taboola.com/sync?dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&excid=22&docw=0&cijs=1&nlb=false
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (749), with no line terminators
Hash 938b01042b348e478f14c380799f6de5
3c0d693d005b6d470d4921f7efc3aa67aa9670a6
8ce31343fc76655d48f6234c26edfaf074724bb9afd61c2d7c72fb647f5efd39
GET /sync?dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&excid=22&docw=0&cijs=1&nlb=false HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3401
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a064bd28-72e8-11ed-a8ca-182a6e990106
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a064bd28-72e8-11ed-a8ca-182a6e990106
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a064bd28-72e8-11ed-a8ca-182a6e990106 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=a06eaad4-72e8-11ed-b848-199e6d820106; expires=Sat, 31-Dec-2022 08:58:16 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 78
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://downsub.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 221041
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
vidstat.taboola.com/content_v3.js
151.101.193.44200 OK 4.8 kB URL HTTP/2 vidstat.taboola.com/content_v3.js
IP 151.101.193.44:0
Hash a51838454dbf5be51e1c78b36215928e
4091520eecdca1a8d3a9dfa3e87423caf091d875
af78fe5ad4bc570ab5f318cc41dd6d0a5d3d34b9103226722384852160bae6a6
GET /content_v3.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 20 Jul 2022 13:23:50 GMT
etag: "f7533e747bb02a8eb527ada4f2749620"
server: AmazonS3
via: 1.1 953ec33235d719831a6e6956b5e5bb7a.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: FFVJK_qv7a28BGKrUuijA7BmJqD1LcFInTlLav4SVzzPGnCkuo4hyA==
cache-control: public, max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
age: 1655760
x-served-by: cache-bma1659-BMA
x-cache: Miss from cloudfront, HIT
x-cache-hits: 115457
x-timer: S1670057897.815045,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 4839
X-Firefox-Spdy: h2
vidstat.taboola.com/vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js
151.101.193.44200 OK 87 kB URL HTTP/2 vidstat.taboola.com/vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js
IP 151.101.193.44:0
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash dcfe04133edaa84ac4a7356299134bf2
600265d1e188692d5cb0b9dbc828c708181bd3d8
1f50ba3994c74af69746c8db181597b9e74d7bb53c808ce9f7014facf0c59bfd
GET /vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: DH4gCSpZOjdiQ2RHNdcZaQ1gWcI8EDnhtXKaFZT4JUmiFDacp53eylqcVHaDpMgh56JBtwAdvTI=
x-amz-request-id: M2DJX9S4FNAQPE8Z
last-modified: Thu, 27 Oct 2022 07:34:53 GMT
etag: "dcfe04133edaa84ac4a7356299134bf2"
x-amz-meta-ctime: 1666856092
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1666856080
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
via: 1.1 varnish
age: 609774
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 169403
x-timer: S1670057897.815449,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 87152
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
151.101.193.44200 OK 254 B URL HTTP/2 cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
IP 151.101.193.44:0
File type PNG image data, 12 x 12, 8-bit gray+alpha, non-interlaced\012- data
Hash dfa7b52c86e56bd67fa4002f6ed19854
7df722645482433c2b5c8d8ab4272a9874592f27
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
GET /libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: c3AK0F63Rmz1U+ZkwDZRH6hJiJRTGpZB8kTBPWz0vwbg9siBxtMOH8aEqr1NtVeNHtLhLAVUR9E=
x-amz-request-id: 4JKSR0YA3KVH073N
x-amz-replication-status: COMPLETED
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
content-type: image/png
server: AmazonS3
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
via: 1.1 varnish
age: 5135
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 326
x-timer: S1670057897.817852,VS0,VE0
cache-control: private,max-age=31536000
abp: 47
content-length: 254
X-Firefox-Spdy: h2
match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
52.223.40.198200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
IP 52.223.40.198:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
vidstatb.taboola.com/vid/blackScreen5.mp4
151.101.193.44206 Partial Content 91 kB URL HTTP/2 vidstatb.taboola.com/vid/blackScreen5.mp4
IP 151.101.193.44:0
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash b2b087fe4ae638c533731c347fcd4df8
62851c888c21bb51cc04f13b6fc0451279fe0425
0407dafc112212a135d1aa4dd9b40ba0208c6bb6b1959f5535af093254189d66
GET /vid/blackScreen5.mp4 HTTP/1.1
Host: vidstatb.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
content-type: video/mp4
last-modified: Sun, 02 Jul 2017 20:40:57 GMT
etag: "b2b087fe4ae638c533731c347fcd4df8"
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1497790207
server: AmazonS3
via: 1.1 9803a30a87f1ec1047cb2b8ad5ecc43e.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: gopM2XYfUoVUFmJXQ0440-QEF6IoAyvdLK0EUOquu3M35zK6ZGLwLg==
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
age: 112873
x-served-by: cache-bma1659-BMA
x-cache: Hit from cloudfront, HIT
x-cache-hits: 41653
x-timer: S1670057897.823669,VS0,VE0
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-range: bytes 0-90783/90784
content-length: 90784
X-Firefox-Spdy: h2
am-vid-events.taboola.com/st?cijs=convusmp&ttype=16&cisd=convusmp&cipid=66361655&crid=-1&dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&cmcv=&pix=31579697&cb=1670057894650&uv=3245&tms=1670057894650&su=3&abt=amplean_vD!ufm_vG&ft=0&unm=FEED_MANAGER&su=3&
141.226.228.48200 OK 0 B URL HTTP/2 am-vid-events.taboola.com/st?cijs=convusmp&ttype=16&cisd=convusmp&cipid=66361655&crid=-1&dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&cmcv=&pix=31579697&cb=1670057894650&uv=3245&tms=1670057894650&su=3&abt=amplean_vD!ufm_vG&ft=0&unm=FEED_MANAGER&su=3&
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /st?cijs=convusmp&ttype=16&cisd=convusmp&cipid=66361655&crid=-1&dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&cmcv=&pix=31579697&cb=1670057894650&uv=3245&tms=1670057894650&su=3&abt=amplean_vD!ufm_vG&ft=0&unm=FEED_MANAGER&su=3& HTTP/1.1
Host: am-vid-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 08:58:16 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
trc.taboola.com/downsub/log/3/visible?route=IL%3AIL%3AV<i=aa_test_for_monitoring_ctrl
151.101.193.44204 No Content 0 B URL HTTP/2 trc.taboola.com/downsub/log/3/visible?route=IL%3AIL%3AV<i=aa_test_for_monitoring_ctrl
IP 151.101.193.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /downsub/log/3/visible?route=IL%3AIL%3AV<i=aa_test_for_monitoring_ctrl HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 10104
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://downsub.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670057897.824525,VS0,VE96
x-vcl-time-ms: 96
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 3c22e279d291dace2ffebfccdd4a59e9
fdbf29ff763b23ac646caa428d77367685d7cfa0
1869d3b43e88dfc33ed3b02aeda7b116c6d5c82e7486de9b752ec912ebdb946b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5074
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:17 GMT
Last-Modified: Sat, 03 Dec 2022 07:33:43 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 313
dnacdn.net/dna
178.250.2.146200 OK 0 B IP 178.250.2.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=_VABd180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhJJTJGeUJSNnVveDAxNmdHZGpIQ3NuJTJGNDd4dWE1WlJ2ZSUyRmxiVTFaZ29zSms; expires=Thu, 28 Dec 2023 08:58:17 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 263169
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
cdn.taboola.com/scripts/cds-pips.js
151.101.193.44200 OK 1.3 kB URL HTTP/2 cdn.taboola.com/scripts/cds-pips.js
IP 151.101.193.44:0
File type ASCII text, with very long lines (3545), with no line terminators
Hash 780c5c514014519ce276709f515905a0
04fe86d00b9c9077effe05171d066d243ecab221
015db06150b62ad2ad533883652174ebb6f07e24a7147fdac01a0ccd266e3f30
GET /scripts/cds-pips.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 2KBeU0d7OyPXtZDYUoIqlTBmhGhsve90tjYoemCxISjKQrNgcxT28sPXVt5KfJt+6r7dFoJgA8g=
x-amz-request-id: NFWGDQGY1WQ95XHE
x-amz-replication-status: COMPLETED
last-modified: Wed, 12 Oct 2022 13:57:57 GMT
etag: "383fa66d2a0a09f4a6e64a9593ad43bb"
x-amz-version-id: z5FoayaLm_Bvew3pbkytkoHczFCvkPwT
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:17 GMT
via: 1.1 varnish
age: 3234
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 4360
x-timer: S1670057897.161720,VS0,VE0
vary: Accept-Encoding
abp: 47
cache-control: private, max-age=3600
content-length: 1340
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 561fc9500f286cbed4b8a40a7e3f4fda
b61aee5d87b48ce838250940a0d417665090f8a3
f644f090f9d1d513e2d555451081e72ada3b8c3507d9d7a950ff42de3dc3520c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5167
Cache-Control: max-age=95325
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:17 GMT
Etag: "6389ccd7-139"
Expires: Sun, 04 Dec 2022 11:27:02 GMT
Last-Modified: Fri, 02 Dec 2022 10:00:55 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 561fc9500f286cbed4b8a40a7e3f4fda
b61aee5d87b48ce838250940a0d417665090f8a3
f644f090f9d1d513e2d555451081e72ada3b8c3507d9d7a950ff42de3dc3520c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5167
Cache-Control: max-age=95325
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:17 GMT
Etag: "6389ccd7-139"
Expires: Sun, 04 Dec 2022 11:27:02 GMT
Last-Modified: Fri, 02 Dec 2022 10:00:55 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 313
pips.taboola.com/
151.101.129.44200 OK 4 B IP 151.101.129.44:0
File type ASCII text, with no line terminators
Hash 6c3e226b4d4795d518ab341b0824ec29
eef19c54306daa69eda49c0272623bdb5e2b341f
fb329000228cc5a24c264c57139de8bf854fc86fc18bf1c04ab61a2b5cb4b921
GET / HTTP/1.1
Host: pips.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Varnish
retry-after: 0
access-control-allow-methods: GET
access-control-allow-origin: https://downsub.com
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:17 GMT
via: 1.1 varnish
x-served-by: cache-bma1674-BMA
x-cache: HIT
x-cache-hits: 0
cache-control: no-store
content-length: 4
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 77a6b6638e0ee5ec4eeb988d3d3af050
219272781fc7a6ac331496b257c7976daa7b62de
d3092d8548c448fab08751eb00cce0ffb883786084d77320da1e0a858b70c5cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3092D8548C448FAB08751EB00CCE0FFB883786084D77320DA1E0A858B70C5CB"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8770
Expires: Sat, 03 Dec 2022 11:24:27 GMT
Date: Sat, 03 Dec 2022 08:58:17 GMT
Connection: keep-alive
ag.gbc.criteo.com/newidsd
185.235.84.61200 OK 37 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.61:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 15157837144d00a753168c6ba696f4d3
6ddc261f4ad61536f97f83100a79691c6cafb50c
d7f65d6987cdf244ef99e87d2294f169176a7148f79c956ccd306b01ce61b960
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:17 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 53240
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=91f89ce6-34a0-4911-bffb-5342953657bb&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=cb2a94ca455a4afd1cd8d8ea24681238&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
192.243.61.225200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=91f89ce6-34a0-4911-bffb-5342953657bb&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=cb2a94ca455a4afd1cd8d8ea24681238&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=91f89ce6-34a0-4911-bffb-5342953657bb&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=cb2a94ca455a4afd1cd8d8ea24681238&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 03 Dec 2022 08:58:17 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ed6bb646c760ebdc41c54b0ae0c3fdac
Strict-Transport-Security: max-age=0; includeSubdomains
dnacdn.net/dna
178.250.2.146200 OK 132 B IP 178.250.2.146:0
Hash 0816244abd3525a38c1228b28b60588f
e426b985cd48ba1b36c3bd5c70d15b271fd27739
f4df1461adafaf6ff5ae2d38d5890012c769d3a0372dc913b8eb30a6ff20d38a
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=_VABd180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhJJTJGeUJSNnVveDAxNmdHZGpIQ3NuJTJGNDd4dWE1WlJ2ZSUyRmxiVTFaZ29zSms
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=PVvt3180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhJJTJGeUJSNnVveDAxNmdHZGpIQ3NuODlMZUFuZGF2U0QlMkYlMkJ4ZFMyMjdQSlI; expires=Thu, 28 Dec 2023 08:58:17 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 409231
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash 9f38347cf64f419c10a84804440633ab
69250c04d17d4ef2721bb67159d76b707d5fb841
fbe68b4c819e8ec3f1acc2682a1b8176d092084404ccd0c39c177be2dabb6fad
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4925
Cache-Control: max-age=85366
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:17 GMT
Etag: "6389a6e2-13a"
Expires: Sun, 04 Dec 2022 08:41:03 GMT
Last-Modified: Fri, 02 Dec 2022 07:18:58 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 314
csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1
178.250.2.150200 OK 43 B URL HTTP/2 csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1
IP 178.250.2.150:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1 HTTP/1.1
Host: csm.nl.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
185.235.84.42200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.42:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:17 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 134001
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.2.146:0
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://downsub.com/
x-crto-bundle: QW68Kl9VT2kyNXB0V0hWTmp0UkdKMjJwRnhLVG94Tk1JJTJGbzdQa2tIQkR3Q2VrTU5tZWI3TTY4a0RUNW0ydmRxWmtDeDJIJTJCYTF0N0NsSndQQkdCZFM0a1ZUJTJGR3Q4UG1LMUN5TWdLN1RPalFYbXVaMFM2MmJzbzRpWVQlMkZUcTQ0Snp6VjVBdmNrZU5nWGFqbG96dm5XVVVXbkJFZyUzRCUzRA
Origin: https://downsub.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://downsub.com
server-processing-duration-in-ticks: 2873697
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/e1/6f/bb/e16fbbe9f31c82c23d1d57f9726b5fc7/1654616215.html
45.133.44.4200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/e1/6f/bb/e16fbbe9f31c82c23d1d57f9726b5fc7/1654616215.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/e1/6f/bb/e16fbbe9f31c82c23d1d57f9726b5fc7/1654616215.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:15 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Tue, 07 Jun 2022 15:37:00 GMT
etag: W/"629f709c-40e"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 03 Dec 2022 09:58:15 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
am-match.taboola.com/sync?dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&excid=22&docw=0&cijs=1&nlb=false
141.226.228.48200 OK 0 B URL HTTP/2 am-match.taboola.com/sync?dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&excid=22&docw=0&cijs=1&nlb=false
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
GET /sync?dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&excid=22&docw=0&cijs=1&nlb=false HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3402
X-Firefox-Spdy: h2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=-1&noaop=3&sortOrderType=0&cb=1670057894023&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-352057342&tz=0&viewable=true&ddast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&=0&qsz=6&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2216075&dpubid=399955&abtst=amplean_vD!ufm_vD&mPre=0.033&cirf=https%3A%2F%2Fdownsub.com&en=1&subu=3
151.101.193.44200 OK 0 B URL HTTP/2 wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=-1&noaop=3&sortOrderType=0&cb=1670057894023&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-352057342&tz=0&viewable=true&ddast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&=0&qsz=6&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2216075&dpubid=399955&abtst=amplean_vD!ufm_vD&mPre=0.033&cirf=https%3A%2F%2Fdownsub.com&en=1&subu=3
IP 151.101.193.44:0
POST /VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=-1&noaop=3&sortOrderType=0&cb=1670057894023&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-352057342&tz=0&viewable=true&ddast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&=0&qsz=6&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2216075&dpubid=399955&abtst=amplean_vD!ufm_vD&mPre=0.033&cirf=https%3A%2F%2Fdownsub.com&en=1&subu=3 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 126
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1431
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://downsub.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670057896.053705,VS0,VE45
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=rtus&topUrl=downsub.com
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/syncframe?origin=rtus&topUrl=downsub.com
IP 178.250.2.146:0
GET /syncframe?origin=rtus&topUrl=downsub.com HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=7e443ba0-fd68-4174-980f-7f6e31cb4faf; expires=Thu, 28 Dec 2023 08:58:16 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 914378
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=rtus&domain=downsub.com&sn=FirefoxSyncframe&so=0&topUrl=downsub.com&info=PVvt3180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhJJTJGeUJSNnVveDAxNmdHZGpIQ3NuODlMZUFuZGF2U0QlMkYlMkJ4ZFMyMjdQSlI&idsd=-959568686,-775014877&cw=1&rtusCallerId=72&lsw=1
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=rtus&domain=downsub.com&sn=FirefoxSyncframe&so=0&topUrl=downsub.com&info=PVvt3180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhJJTJGeUJSNnVveDAxNmdHZGpIQ3NuODlMZUFuZGF2U0QlMkYlMkJ4ZFMyMjdQSlI&idsd=-959568686,-775014877&cw=1&rtusCallerId=72&lsw=1
IP 178.250.2.146:0
GET /sid/json?origin=rtus&domain=downsub.com&sn=FirefoxSyncframe&so=0&topUrl=downsub.com&info=PVvt3180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhJJTJGeUJSNnVveDAxNmdHZGpIQ3NuODlMZUFuZGF2U0QlMkYlMkJ4ZFMyMjdQSlI&idsd=-959568686,-775014877&cw=1&rtusCallerId=72&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=rtus&topUrl=downsub.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:17 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1629476
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=-1&noaop=3&sortOrderType=0&cb=1670057897190&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=1913477560&tz=0&viewable=true&ddast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&=0&qsz=6&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=1&dtagid=2216075&dpubid=399955&abtst=amplean_vD!ufm_vG&mPre=0.033&cirf=https%3A%2F%2Fdownsub.com&en=1&subu=3
151.101.193.44200 OK 0 B URL HTTP/2 wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=-1&noaop=3&sortOrderType=0&cb=1670057897190&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=1913477560&tz=0&viewable=true&ddast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&=0&qsz=6&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=1&dtagid=2216075&dpubid=399955&abtst=amplean_vD!ufm_vG&mPre=0.033&cirf=https%3A%2F%2Fdownsub.com&en=1&subu=3
IP 151.101.193.44:0
POST /VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=-1&noaop=3&sortOrderType=0&cb=1670057897190&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=1913477560&tz=0&viewable=true&ddast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&=0&qsz=6&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=1&dtagid=2216075&dpubid=399955&abtst=amplean_vD!ufm_vG&mPre=0.033&cirf=https%3A%2F%2Fdownsub.com&en=1&subu=3 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 126
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1412
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://downsub.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:19 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670057899.199877,VS0,VE77
vary: Accept-Encoding
X-Firefox-Spdy: h2
downsub.com/?url=https://www.youtube.com/watch?v=ih14zfnQHPU
188.114.97.1200 OK 0 B URL HTTP/2 downsub.com/?url=https://www.youtube.com/watch?v=ih14zfnQHPU
IP 188.114.97.1:0
GET /?url=https://www.youtube.com/watch?v=ih14zfnQHPU HTTP/1.1
Host: downsub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:11 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yI4t6YvfncqklqNMG5Sbe0r8U46%2BB%2FoiHMsglfGgd7ZYpSWZznjeii5TK1xj%2Fb5aOCuZvrX93ugS1DaFwzRyLh3tL4zICxIWQ1ZpuKMRIJiRqd1Vf6AtIJ859tDC9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773b195a1a43b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
trc.taboola.com/downsub/trc/3/json?tim=08%3A58%3A13.379&route=AM:IL:V<i=aa_test_for_monitoring_ctrl&data=%7B%22id%22%3A860%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22text%22%2C%22sd%22%3A%22v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA%22%2C%22ui%22%3A%22ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526%22%2C%22uifp%22%3A%22ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526%22%2C%22lbt%22%3A1669918997404%2C%22vi%22%3A1670057892391%2C%22cv%22%3A%2220221201-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdownsub.com%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22pev%22%3A8050%2C%22btv%22%3A%220%22%2C%22plf%22%3A%7B%22stop_tslt%22%3Atrue%2C%22ack_vig%22%3Atrue%7D%2C%22bu%22%3A%22https%3A%2F%2Fdownsub.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22vpi%22%3A%22%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A7362%2C%22qs%22%3A%22%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22alternating-thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A204%2C%22mw%22%3A547.5%2C%22fi%22%3A9%2C%22fb%22%3A2%2C%22fti%22%3A%22delta-override%3A10594319%3APUBLISHED%22%7D%5D%2C%22cacheKey%22%3A%22text%3D%2F%2CBelow%20Article%20Thumbnails%3Dalternating-thumbnails-a%3Aabp%3D0%2C%2CHead%20of%20article%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_2%22%2C%22lt%22%3A%22aa_test_for_monitoring_ctrl%22%7D&llvl=2
151.101.193.44200 OK 0 B URL HTTP/2 trc.taboola.com/downsub/trc/3/json?tim=08%3A58%3A13.379&route=AM:IL:V<i=aa_test_for_monitoring_ctrl&data=%7B%22id%22%3A860%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22text%22%2C%22sd%22%3A%22v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA%22%2C%22ui%22%3A%22ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526%22%2C%22uifp%22%3A%22ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526%22%2C%22lbt%22%3A1669918997404%2C%22vi%22%3A1670057892391%2C%22cv%22%3A%2220221201-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdownsub.com%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22pev%22%3A8050%2C%22btv%22%3A%220%22%2C%22plf%22%3A%7B%22stop_tslt%22%3Atrue%2C%22ack_vig%22%3Atrue%7D%2C%22bu%22%3A%22https%3A%2F%2Fdownsub.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22vpi%22%3A%22%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A7362%2C%22qs%22%3A%22%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22alternating-thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A204%2C%22mw%22%3A547.5%2C%22fi%22%3A9%2C%22fb%22%3A2%2C%22fti%22%3A%22delta-override%3A10594319%3APUBLISHED%22%7D%5D%2C%22cacheKey%22%3A%22text%3D%2F%2CBelow%20Article%20Thumbnails%3Dalternating-thumbnails-a%3Aabp%3D0%2C%2CHead%20of%20article%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_2%22%2C%22lt%22%3A%22aa_test_for_monitoring_ctrl%22%7D&llvl=2
IP 151.101.193.44:0
GET /downsub/trc/3/json?tim=08%3A58%3A13.379&route=AM:IL:V<i=aa_test_for_monitoring_ctrl&data=%7B%22id%22%3A860%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22text%22%2C%22sd%22%3A%22v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA%22%2C%22ui%22%3A%22ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526%22%2C%22uifp%22%3A%22ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526%22%2C%22lbt%22%3A1669918997404%2C%22vi%22%3A1670057892391%2C%22cv%22%3A%2220221201-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdownsub.com%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22pev%22%3A8050%2C%22btv%22%3A%220%22%2C%22plf%22%3A%7B%22stop_tslt%22%3Atrue%2C%22ack_vig%22%3Atrue%7D%2C%22bu%22%3A%22https%3A%2F%2Fdownsub.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22vpi%22%3A%22%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A7362%2C%22qs%22%3A%22%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22alternating-thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A204%2C%22mw%22%3A547.5%2C%22fi%22%3A9%2C%22fb%22%3A2%2C%22fti%22%3A%22delta-override%3A10594319%3APUBLISHED%22%7D%5D%2C%22cacheKey%22%3A%22text%3D%2F%2CBelow%20Article%20Thumbnails%3Dalternating-thumbnails-a%3Aabp%3D0%2C%2CHead%20of%20article%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_2%22%2C%22lt%22%3A%22aa_test_for_monitoring_ctrl%22%7D&llvl=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://downsub.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670057896.527433,VS0,VE177
vary: Accept-Encoding
x-vcl-time-ms: 177
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.140.24200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.140.24:0
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:14 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: c251ca9edeebfc6b90a36b9db21cb200
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 03 Dec 2022 08:58:14 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vv3ii81nM3W4AWahbV9tN6dfIE%2FuSiIeDXp7Ug3SLfQ6h6CyaB03HVPdXFMCCE8jRyfekfSm7Xb5dgn1AjsKC5DiemFCH9vHMH9CdnAkNs%2FEMGKfU29mg9PoS4FncYZ50wdk6%2F8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773b19706918776d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
52.87.16.203200 OK 0 B URL HTTP/2 taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
IP 52.87.16.203:0
GET /sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo HTTP/1.1
Host: taboola-supply-partners.tremorhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2