Report - downsub.com/?url=www.youtube.com/watch?v=ih14zfnQHPU

Report Overview

Submitted URL
downsub.com/?url=www.youtube.com/watch?v=ih14zfnQHPU
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2022-12-03 08:58:22
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
whiskerssituationdisturb.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	453 B	467 B	173.233.137.36
gum.criteo.com	381	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.2 kB	10 kB	178.250.2.146
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	377 B	1.8 kB	142.250.74.106
status.geotrust.com	3662	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	343 B	797 B	93.184.220.29
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	361 B	1.9 kB	104.18.21.226
sb.scorecardresearch.com	134	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	611 B	385 B	143.204.55.96
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	700 B	1.9 kB	143.204.42.158
trc.taboola.com	602	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.9 kB	28 kB	151.101.193.44
gem.gbc.criteo.com	6039	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	387 B	493 B	185.235.84.42
taboola-supply-partners.tremorhub.com	3369	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	611 B	201 B	52.87.16.203
dnacdn.net	3760	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	892 B	1.5 kB	178.250.2.146
pips.taboola.com	1840	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	373 B	341 B	151.101.129.44
csm.nl.eu.criteo.net	6830	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	595 B	358 B	178.250.2.150
am-vid-events.taboola.com	11733	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	212 B	141.226.228.48
cdn.barscreative1.com	25648	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	441 B	386 B	45.133.44.4
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.1 kB	11 kB	23.36.77.32
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
facesnotebook.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	393 B	14 kB	192.243.59.12
simplewebanalysis.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	383 B	404 B	18.185.190.54
images.taboola.com	1621	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	14 kB	404 kB	151.101.193.44
ag.gbc.criteo.com	5925	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	386 B	529 B	185.235.84.61
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	5.6 kB	142.250.74.131
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.191.251.76
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	2.2 kB	95.101.11.115
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.1 kB	5.9 kB	93.184.220.29
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	377 B	52 kB	142.250.74.168
unseenreport.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	709 B	423 B	192.243.61.225
get-info.downsub.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	534 B	87 kB	172.67.204.139
il-trc-events.taboola.com	22667	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.1 kB	1.0 kB	185.106.33.48
cdn.creative-bars1.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	154 kB	172.64.109.13
sync.search.spotxchange.com	523	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.6 kB	4.0 kB	185.94.180.125
wf.taboola.com	2328	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.4 kB	1.1 kB	151.101.193.44
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	54 kB	34.120.237.76
trc-events.taboola.com	1779	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	569 B	163 B	141.226.228.48
soldierreproduceadmiration.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.8 kB	38 kB	173.233.137.36
vidstatb.taboola.com	8893	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	443 B	92 kB	151.101.193.44
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
vidstat.taboola.com	1927	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	134 kB	151.101.193.44
am-match.taboola.com	12278	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.6 kB	1.0 kB	141.226.228.48
cdn.taboola.com	1040	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.4 kB	672 kB	151.101.193.44
i.ytimg.com	109	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	491 B	8.2 kB	142.250.74.118
cdn.cloudimagesb.com	23099	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	394 B	45.133.44.9
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	954 B	33 kB	142.250.74.35
match.adsrvr.org	349	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	458 B	352 B	52.223.40.198
downsub.com	156101	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	880 B	1.4 kB	188.114.96.1
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	368 B	22 kB	142.250.74.14
friendshipmale.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	356 B	958 B	172.64.140.24

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-03	medium	cdn.barscreative1.com/sb/au/e1/6f/bb/e16fbbe9f31c82c23d1d57f9726b5fc7/1654616215.html	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-03	medium	soldierreproduceadmiration.com	Sinkholed
2022-12-03	medium	soldierreproduceadmiration.com	Sinkholed
2022-12-03	medium	whiskerssituationdisturb.com	Sinkholed
2022-12-03	medium	soldierreproduceadmiration.com	Sinkholed
2022-12-03	medium	soldierreproduceadmiration.com	Sinkholed
2022-12-03	medium	soldierreproduceadmiration.com	Sinkholed
2022-12-03	medium	soldierreproduceadmiration.com	Sinkholed
2022-12-03	medium	soldierreproduceadmiration.com	Sinkholed
2022-12-03	medium	soldierreproduceadmiration.com	Sinkholed
2022-12-03	medium	unseenreport.com	Sinkholed

JavaScript (35)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtm.js?id=GTM-T9M8G86	139 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-T9M8G86 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:12:50 Last Seen2023-03-08 15:12:50 Times Seen1 Hash bb1561a3a2b375aaab0d1b83b789c6c3 86f639a393a618277bf1aebf7d05e516ffda562a 7c67157377df48e83367687e0b50889066d50d78f74a5349018408ffafa3163d Loading...

	downsub.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3Dih14zfnQHPU	164 B	2023-03-08	2024-04-15
Pretty URL downsub.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3Dih14zfnQHPU IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:12:50 Last Seen2024-04-15 00:36:28 Times Seen9 Hash 5f6146979ef9fe6b918c101f1156c2da 15c930206fa4fcec626fdd919ad52eae16ada9d1 680d479182d70228306782aac91b17e116263d8ad80a62db9e02c04c4f9b2b20 Loading...

	vidstat.taboola.com/lite-unit/3.9.8/UnitFeedManagerDesktop.min.js	107 kB	2023-03-08	2023-03-14
Pretty URL vidstat.taboola.com/lite-unit/3.9.8/UnitFeedManagerDesktop.min.js IP 151.101.193.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:12:50 Last Seen2023-03-14 17:14:30 Times Seen1 Hash 7fcf5cdb23e918c79141cd7bbdf0b9cc bd100949c1981d165c8bb90d45c7ea5844a42a04 81f956a5201477197f85f87f7a3faf16c4c87d3cac75160959ab5fdfb25a0da8 Loading...

	downsub.com/?url=https://www.youtube.com/watch?v=ih14zfnQHPU	705 B	2023-03-08	2023-03-08
Pretty URL downsub.com/?url=https://www.youtube.com/watch?v=ih14zfnQHPU IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:12:50 Last Seen2023-03-08 15:12:50 Times Seen1 Hash 53603c69b10f9b369c39496425aa8392 7ae6bc06338ee5bf1482dade0f650a0fd7802d0d c7c9c08816678f0465340e7d61e3573d09a75c079d11d28144e665b2e48387b1 Loading...

	sb.scorecardresearch.com/beacon.js	3.9 kB	2023-03-07	2024-01-14
Pretty URL sb.scorecardresearch.com/beacon.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:19 Last Seen2024-01-14 12:48:16 Times Seen58 Hash eaf85c1c6758e84acfe134efd70e9373 5caec39b3ce7c2ec9912aff8ae6fa05aa9fb757e ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117 Loading...

	cdn.taboola.com/libtrc/taboola-vignette-new-scanning.20221201-24-RELEASE.es6.js	26 kB	2023-03-08	2023-03-08
Pretty URL cdn.taboola.com/libtrc/taboola-vignette-new-scanning.20221201-24-RELEASE.es6.js IP 151.101.193.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:12:50 Last Seen2023-03-08 15:12:50 Times Seen1 Hash f22f818d304aaf3147a7332209833b6f 9b8a2a72601ee04d1851b313bf4ab28e7f0d0389 03983794343919784f7863d26ff9e2f67c9cb19a53bf08c8200a062ed1b71e4d Loading...

	downsub.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3Dih14zfnQHPU	112 B	2023-03-07	2023-04-05
Pretty URL downsub.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3Dih14zfnQHPU IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:33 Last Seen2023-04-05 02:10:30 Times Seen82 Hash e47ee79f740c9eae02464288746f765d 9f2a84ab535d0c773c2d822221917b26446c6d46 24ca2d2952aa702f4191a162f59fbad191c648e851dae7876434baf548af95a7 Loading...

	cdn.taboola.com/libtrc/next-up-widget.20221201-24-RELEASE.es6.js	17 kB	2023-03-08	2023-03-08
Pretty URL cdn.taboola.com/libtrc/next-up-widget.20221201-24-RELEASE.es6.js IP 151.101.193.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:12:50 Last Seen2023-03-08 15:12:50 Times Seen1 Hash 04caa4cde47837aa18470cb085ef65a1 6b87047159027f2ca66384aa3a20e497937b1bfc 8b0914e183841f075457b3afcdefd6b78ddb2796a2bbcd918c969467b961a7b4 Loading...

	sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26	32 B	2023-03-08	2023-03-08
Pretty URL sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 IP 185.94.180.125 ASN #35220 SpotXchange, INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:12:50 Last Seen2023-03-08 15:12:50 Times Seen1 Hash 0347d1c9a2b5e337a31f66fe52546a1a 87755414feaaff6e8e7c7901b902ebcae65830d2 84ff562b332b16f706432b896271e87a5e37411a25e215d06c799b232bff8f76 Loading...

	gum.criteo.com/syncframe?origin=rtus&topUrl=downsub.com#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:null,%22origin%22:0%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22downsub.com%22,%22topUrl%22:%22downsub.com%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:72,%22requestId%22:%220.13979115671849185%22%7D	14 kB	2023-03-07	2023-05-06
Pretty URL gum.criteo.com/syncframe?origin=rtus&topUrl=downsub.com#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:null,%22origin%22:0%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22downsub.com%22,%22topUrl%22:%22downsub.com%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:72,%22requestId%22:%220.13979115671849185%22%7D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:51:36 Last Seen2023-05-06 00:14:31 Times Seen2035 Hash 49e65b540d43d40997ce3844d41b2dd0 b7331c5edc086ee2c7731b1b36e937e7c44450a7 f185c1b78d87a007d9492a85c6ce64c06cc851ef9f13ca3caf8aaafe243b0ac2 Loading...

	downsub.com/js/chunk-b445b8bec18935ee0d30.js	3.6 kB	2023-03-08	2023-06-28
Pretty URL downsub.com/js/chunk-b445b8bec18935ee0d30.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:12:50 Last Seen2023-06-28 21:44:56 Times Seen4 Hash ec9ba0f46ee01d182442c91c03f3751c fc6ef4e146421fc7996180811d47ed98fb8e79ee 60fbb9fa51c6fec8232dbb30e61b3e62403c375dd07acd3c5d5ae3811ecf6bbe Loading...

	facesnotebook.com/de/e4/f2/dee4f2455ab43dc9f44a5f28fcc0dfe7.js	37 kB	2023-03-08	2023-03-08
Pretty URL facesnotebook.com/de/e4/f2/dee4f2455ab43dc9f44a5f28fcc0dfe7.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:12:50 Last Seen2023-03-08 15:12:50 Times Seen1 Hash 06399fe1f11aa97e4ed0f0e61ed0714a 7e34cf22818db2999823512ae7abc7f8776cdf50 03441c4282c1a4d6989cd35c78283d9eddeb4ece3c27c8315c40318de4952313 Loading...

	cdn.taboola.com/libtrc/floating-unit.20221201-24-RELEASE.es6.js	7.8 kB	2023-03-08	2023-03-08
Pretty URL cdn.taboola.com/libtrc/floating-unit.20221201-24-RELEASE.es6.js IP 151.101.193.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:12:50 Last Seen2023-03-08 15:12:50 Times Seen1 Hash df99baa8f2c699ce2bac3b20f140f236 2d9415591e4ce12e6b965cd4a59b338e75d51a40 9e7cad2eb50e9a6f9601bf55c9c62e3d0b08de79ad82c477bfa3cb405bf0afba Loading...

	sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26	24 B	2023-03-07	2023-04-05
Pretty URL sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 IP 185.94.180.125 ASN #35220 SpotXchange, INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:15 Last Seen2023-04-05 02:02:51 Times Seen38 Hash 1e3bd14d71f3caf020f1c1b6f17af5c0 6b2cbc5e57a49c3d549a2157110c55f4494766c1 228fd0ed6f7661bc06d1e5474fdc18de96880b002491b53a52ff12bf8ac50945 Loading...

	vidstat.taboola.com/content_v3.js	17 kB	2023-03-07	2023-05-06
Pretty URL vidstat.taboola.com/content_v3.js IP 151.101.193.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:10 Last Seen2023-05-06 00:14:31 Times Seen71 Hash f7533e747bb02a8eb527ada4f2749620 2ff10223a724d85d59d39f5e2c068fa986271a83 12af7975664854ca36da674714083fa05297940fce71e42dabf688e2eb19a0f1 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-26
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-26 05:50:27 Times Seen1534 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	vidstat.taboola.com/vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js	440 kB	2023-03-08	2023-03-11
Pretty URL vidstat.taboola.com/vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js IP 151.101.193.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:30 Last Seen2023-03-11 23:28:00 Times Seen1 Hash 39ce943f9e071318eb814ebbd80c31e5 637a40ed9eb886421e91be2efe3eff49d7c345b8 d2a438345477c284b6ea53ff812d0a29086f9b4ffeed2fb37ad2f9b574bb56f7 Loading...

	gum.criteo.com/syncframe?origin=rtus&topUrl=downsub.com#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:null,%22origin%22:0%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22downsub.com%22,%22topUrl%22:%22downsub.com%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:72,%22requestId%22:%220.13979115671849185%22%7D	418 B	2023-03-07	2023-03-17
Pretty URL gum.criteo.com/syncframe?origin=rtus&topUrl=downsub.com#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:null,%22origin%22:0%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22downsub.com%22,%22topUrl%22:%22downsub.com%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:72,%22requestId%22:%220.13979115671849185%22%7D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:53:17 Last Seen2023-03-17 21:47:34 Times Seen1 Hash 72ad3a00c4af14e8c301e9eafbe741ea 63dc5435a78e8b86fb54fa8be021d2f54b1903b1 d05385301aef1a77fd22c1c56c08102835063c8221b753de58aff20a800c95eb Loading...

	unknown	0 B	2023-03-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 17:13:18 Times Seen37097149 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cdn.taboola.com/libtrc/feed-card-placeholder.20221201-24-RELEASE.es6.js	4.7 kB	2023-03-08	2023-03-08
Pretty URL cdn.taboola.com/libtrc/feed-card-placeholder.20221201-24-RELEASE.es6.js IP 151.101.193.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:12:50 Last Seen2023-03-08 15:12:50 Times Seen1 Hash 427b7a4a33a7a67f6843aaa90bcf2843 2c840b230b2732f94796f7cde6bbbe4448500ea4 0464116a776593fe5fde1df8fd547a0a5d9830bbdcd7e31c59ef77df47a7bd79 Loading...

	cdn.taboola.com/libtrc/cta-component.20221201-24-RELEASE.es6.js	19 kB	2023-03-08	2024-02-11
Pretty URL cdn.taboola.com/libtrc/cta-component.20221201-24-RELEASE.es6.js IP 151.101.193.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:33:55 Last Seen2024-02-11 08:19:19 Times Seen1 Hash 9a21c0b5013b1bb1179b3dde32389dd1 27dacfda0752af41c6bff4f53517f83aa4277a96 25577ca6a2abe069dc63c0a1e066b5e5ab605c6fdf2cfb738d0752aee886283c Loading...

	cdn.taboola.com/scripts/cds-pips.js	3.5 kB	2023-03-08	2023-12-05
Pretty URL cdn.taboola.com/scripts/cds-pips.js IP 151.101.193.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:30 Last Seen2023-12-05 04:26:05 Times Seen293 Hash 383fa66d2a0a09f4a6e64a9593ad43bb 62d7b071d7ec77027d27887803cce960e211f69d 3e7d49f24d56db02c7baca8ae3a17555c2e527571450e8c24c77b453407e267a Loading...

	downsub.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3Dih14zfnQHPU	142 B	2023-03-08	2024-04-15
Pretty URL downsub.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3Dih14zfnQHPU IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:12:50 Last Seen2024-04-15 00:36:28 Times Seen9 Hash d8d3af1a6518faa3bb7a6600448856b5 2799a85ab80f1dac1500c80ad88bb81092ae245c 24d79f7de8af59adf53da2d6c3d58e7a661761ed574a4d334225f798b7558c0d Loading...

	cdn.taboola.com/libtrc/downsub/loader.js	340 kB	2023-03-08	2023-03-08
Pretty URL cdn.taboola.com/libtrc/downsub/loader.js IP 151.101.193.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:12:50 Last Seen2023-03-08 15:12:50 Times Seen1 Hash a68b26975bd56c7db7007ed92eac998d 516d5e09fd7410e1e446967dfc5d8fb44048a171 1211de8df16efd83763df1072af7f53205ec921dd190d94ba695e53c53e7c36f Loading...

	http:blank	619 B	2023-03-08	2024-04-14
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:12:50 Last Seen2024-04-14 09:02:26 Times Seen3 Hash fcda201fa1b966c689bb2efa771e4bc7 5dfcd9bd285ae98dd7f808356a58c6d521295eff cf6c65b4b24f6bbe7866877befbe78ea46e9d2e2b069d4f9bb7272859bf021a6 Loading...

	downsub.com/js/main.b12fc903f826c9b389f2.js	1.1 MB	2023-03-08	2023-03-10
Pretty URL downsub.com/js/main.b12fc903f826c9b389f2.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:12:50 Last Seen2023-03-10 13:48:53 Times Seen1 Hash 52b5fc199dd79c27c21242ef235a39cd 40040d78960bb901dbf70f3fe5889eaca37f53eb 07bc7c08ffd8eba9df1ec797c7c62d479ccc90eb126bcff22e42d2480d397038 Loading...

	cdn.taboola.com/libtrc/impl.20221201-24-RELEASE.js	709 kB	2023-03-08	2023-03-08
Pretty URL cdn.taboola.com/libtrc/impl.20221201-24-RELEASE.js IP 151.101.193.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:25:27 Last Seen2023-03-08 15:53:50 Times Seen1 Hash d386cb6b93c9fa2a208c3e367ce5a397 d50152dc9a0edc49fa56656d902151576f4fe8c5 ab3ef564dbe0d8c0898eb79d278ddeb153faba5a3f67d6c3fe3c49d1de7d8091 Loading...

	gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS	30 kB	2023-03-07	2023-03-17
Pretty URL gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS IP 178.250.2.146 ASN #44788 Criteo SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:17:20 Last Seen2023-03-17 21:47:34 Times Seen1 Hash 49908b82b9e80d6ae18a2a5b3d383af9 b5fdbde84ebb8d44304a39a7eca9afc15fd0fc43 1294283dd1491c4767840ecaafa97659b0e3c560ef4048bd51907181c52af89e Loading...

	soldierreproduceadmiration.com/cb/2a/94/cb2a94ca455a4afd1cd8d8ea24681238.js	86 kB	2023-03-08	2023-03-08
Pretty URL soldierreproduceadmiration.com/cb/2a/94/cb2a94ca455a4afd1cd8d8ea24681238.js IP 173.233.137.36 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:12:50 Last Seen2023-03-08 15:12:50 Times Seen1 Hash 6ffa97bce0783e1973baa893e8a47411 e3148d811743da308d8e28333269ce10bb8cbbfa 931ca0dd98725b9960451b5621d2bad9d978f1ab0fface68a3aa128bcb444c8c Loading...

	cdn.taboola.com/libtrc/userx.20221201-24-RELEASE.es6.js	18 kB	2023-03-08	2024-02-11
Pretty URL cdn.taboola.com/libtrc/userx.20221201-24-RELEASE.es6.js IP 151.101.193.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:30 Last Seen2024-02-11 08:19:19 Times Seen1 Hash 16f67637ac3bc1b6ccd63e6d03c34457 6064c0dd956cd634f6e0875ca75901c4863e4282 7399d0b9cf5755aa67146c03d75cf1a4180d2c447d8d0fac0ec2ac4cf9025e35 Loading...

	sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26	30 B	2023-03-08	2023-03-08
Pretty URL sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 IP 185.94.180.125 ASN #35220 SpotXchange, INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:12:50 Last Seen2023-03-08 15:12:50 Times Seen1 Hash fa350dfe7ca17a1380822a7a37d9a029 7ffa7fa70bc6fb5b6e0e629e078ef8a92b298fc3 9d5ff1d3162cef72412f60584eed6c37ac7a3a262b3195d8d100a149ae04e10a Loading...

	downsub.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3Dih14zfnQHPU	439 B	2023-03-08	2024-04-15
Pretty URL downsub.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3Dih14zfnQHPU IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:12:50 Last Seen2024-04-15 00:36:28 Times Seen9 Hash 036cd1785b4b2e4d3289ffb3d11c70e3 7f4f5c298cf5fed37199cb3cffe830202c34cd17 c6237f31c080ba4cd7782d6a747b645bd032dd1647707da27b1131349c250680 Loading...

		Size	First Seen	Last Seen
	#1 Eval - d4e44b1f7e9b8d18e9ce20db585fc32d	34 kB	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 15:12:50 Last Seen2023-03-08 15:12:50 Times Seen1 Hash d4e44b1f7e9b8d18e9ce20db585fc32d 2e3dce724d41fbbe5b08aa62cd1dd3da2035ac93 deb4d6a022effa91fd8b1d5b689de57c3d7c62be5aa7964809b83453cd5814ac Loading...

	#2 Eval - 37cd3bd2adbd29e7fafaf20f77f4bf43	18 B	2023-03-07	2024-04-15
Pretty Observations First Seen2023-03-07 01:02:19 Last Seen2024-04-15 12:57:44 Times Seen656 Hash 37cd3bd2adbd29e7fafaf20f77f4bf43 d4a665f4bf3dc9a6f3ea3a55c50c5a37c6bd05f5 0f3342bc14063d9ed7a669eb067b50ea17b2cb7dcb51968939b72fa9ac862d91 Loading...

		Size	First Seen	Last Seen
	#1 Write - 2d6673eded37338627f4fc432783fc4d	759 B	2023-03-07	2023-05-06
Pretty Observations First Seen2023-03-07 12:04:33 Last Seen2023-05-06 00:14:31 Times Seen121 Hash 2d6673eded37338627f4fc432783fc4d bb226d552cec5533fb1d7fd8b486efa856d7f333 a7e9c7904cd65627b33964bbb90839a2fa154c33d9c353413da6dcdc4fba2295 Loading...

HTTP Transactions (152)

URL IP Response Size

downsub.com/?url=https://www.youtube.com/watch?v=ih14zfnQHPU

188.114.96.1

301 Moved Permanently

0 B

URL HTTP/1.1
downsub.com/?url=https://www.youtube.com/watch?v=ih14zfnQHPU
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?url=https://www.youtube.com/watch?v=ih14zfnQHPU HTTP/1.1
Host: downsub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sat, 03 Dec 2022 08:58:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 03 Dec 2022 09:58:10 GMT
Location: https://downsub.com/?url=https://www.youtube.com/watch?v=ih14zfnQHPU
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jFxh7rahj5tkh%2B0M7JPyOY%2B8Itg5f8W%2F44w6uZnCs40x4wsmL3WqP2eNOPRUTR1lJXPCIHEAZW7fWkn3lhozZEDjPeMwdLL%2FpgDVz%2FHee2ck50MqqGzuKn1muOqQnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 773b19584d5d1c06-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15580
Expires: Sat, 03 Dec 2022 13:17:50 GMT
Date: Sat, 03 Dec 2022 08:58:10 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7439fb99a444b66db1e68ffbfaa38451
4b7742d7956485906f1c392c478515ff89a46184
636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5179
Cache-Control: max-age=97164
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:10 GMT
Etag: "6389d3f3-1d7"
Expires: Sun, 04 Dec 2022 11:57:34 GMT
Last-Modified: Fri, 02 Dec 2022 10:31:15 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4499
Expires: Sat, 03 Dec 2022 10:13:09 GMT
Date: Sat, 03 Dec 2022 08:58:10 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
c4898c772b2c372802722e6410f2d585
d664e01845b7ec0d04f7cf3df9f5837e4abf2682
a176a2b857bcd52406b0ccdaf0ddc7e3af31626193b7b8491231943e4d9a7768

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5913
Cache-Control: max-age=100053
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:10 GMT
Etag: "6389dc5e-118"
Expires: Sun, 04 Dec 2022 12:45:43 GMT
Last-Modified: Fri, 02 Dec 2022 11:07:10 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 280

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 03 Dec 2022 08:18:14 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2396
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: lgrc+Y/fTGyhRaenk6cv9PvUY2vxgufscumQKDzY6mTitHx7srqSjws0QfAsQuuqWDELZeS9r2w=
x-amz-request-id: C094NNJQ5JZ0PZ8X
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 03 Dec 2022 08:46:30 GMT
age: 700
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 08:58:10 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 03 Dec 2022 08:11:17 GMT
cache-control: public,max-age=3600
age: 2814
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
c4898c772b2c372802722e6410f2d585
d664e01845b7ec0d04f7cf3df9f5837e4abf2682
a176a2b857bcd52406b0ccdaf0ddc7e3af31626193b7b8491231943e4d9a7768

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5914
Cache-Control: max-age=100053
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:11 GMT
Etag: "6389dc5e-118"
Expires: Sun, 04 Dec 2022 12:45:44 GMT
Last-Modified: Fri, 02 Dec 2022 11:07:10 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7f1f8fc556d1f7e0aea3e1208ee2fd1c
09c341a56ff876479cfc8a0505a5fef4a5d110f1
65adcf58887bcc23f73379f74ab19a61cfbb93285c95c64b44a6716eeacc1482

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5164
Cache-Control: max-age=92087
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:11 GMT
Etag: "6389c02e-1d7"
Expires: Sun, 04 Dec 2022 10:32:58 GMT
Last-Modified: Fri, 02 Dec 2022 09:06:54 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e63a3fb1ef1a4ebbbd126969d6ee68ca
8bc9c26950b3899087e25ddea159c28f57b47200
f2ec30377e239f64286ae7dde8032e4e332b6c123f7decc07126fbbcff460a69

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-T9M8G86

142.250.74.168

200 OK

51 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-T9M8G86
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (8962)
Size
51 kB (50829 bytes)
Hash
bda903f47de9dd2ab1f3d34c4a3026bd
939219d667678488aa50fa445311a4dd1be48319
1fc9402eb5910dc0cf5d58eb93c5f5473512f7fd34e3c5b9d0666a1571721ad6

HTTP Headers

GET /gtm.js?id=GTM-T9M8G86 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 03 Dec 2022 08:58:11 GMT
expires: Sat, 03 Dec 2022 08:58:11 GMT
cache-control: private, max-age=900
last-modified: Sat, 03 Dec 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50829
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e63a3fb1ef1a4ebbbd126969d6ee68ca
8bc9c26950b3899087e25ddea159c28f57b47200
f2ec30377e239f64286ae7dde8032e4e332b6c123f7decc07126fbbcff460a69

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

54.191.251.76

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.191.251.76:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7Yj3N0TB/x5ktd7WVXqsgA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: jBYbecZsI94PKt2QzSsV1SEpme4=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2b7109f7fedfbe369b2c3d9661f59ace
84b651427ef6b73cb35d7dbd0edae0cf006522ca
92eabcca27d3deaf0e84be8af2ccadd3879c9c6fbc8a7d150979636b2e4ba139

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92EABCCA27D3DEAF0E84BE8AF2CCADD3879C9C6FBC8A7D150979636B2E4BA139"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5932
Expires: Sat, 03 Dec 2022 10:37:04 GMT
Date: Sat, 03 Dec 2022 08:58:12 GMT
Connection: keep-alive

www.google-analytics.com/analytics.js

142.250.74.14

200 OK

21 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.14:0
ASN
#15169 GOOGLE

File type
data
Size
21 kB (20853 bytes)
Hash
6584fe482cbad614fb0a2aa2634fb2bd
0e1c8c4b64d30c48c95d6c1f29f09f6edffc043b
c924e22ea9b7c9cf63a1caf50437d60fe0ec685ff8efab86be3e3ca6bc05ac34

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 03 Dec 2022 08:46:55 GMT
expires: Sat, 03 Dec 2022 10:46:55 GMT
cache-control: public, max-age=7200
age: 677
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

cdn.taboola.com/libtrc/downsub/loader.js

151.101.193.44

200 OK

30 kB

URL HTTP/2
cdn.taboola.com/libtrc/downsub/loader.js
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (64960)
Size
30 kB (30049 bytes)
Hash
708a417295bff756a8a65df9d22d39b4
cd3551d6adf956b7a18a8767e45ad8bb91386197
9891fdb5d010cafe978e86b8805ac72790992601a5a4b31e10efd9dae610b5f8

HTTP Headers

GET /libtrc/downsub/loader.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
etag: "516d5e09fd7410e1e446967dfc5d8fb44048a171"
last-modified: Fri, 02 Dec 2022 15:29:43 UTC
x-amz-id-2: 1gfdvM/0ql4Ox9k1cf6PQDXguvEnxPjaFehyRjjP0k51lVANUC9MNm32uoRi2lTmcGmfcjwh6zQ=
x-amz-request-id: 4FM1DTN8JJYE4YZP
x-amz-version-id: jLpvyTxUBg8BKRgOV9IMtB5VIS.oD98v
x-from-cache: 1
x-envoy-upstream-service-time: 9
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:12 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670057893.641665,VS0,VE87
cache-control: private,max-age=14400
vary: Accept-Encoding, Accept-Encoding
abp: 20
content-length: 30049
X-Firefox-Spdy: h2

cdn.taboola.com/libtrc/tr5?abgroup=aa_test_for_monitoring_ctrl

151.101.193.44

200 OK

3 B

URL HTTP/2
cdn.taboola.com/libtrc/tr5?abgroup=aa_test_for_monitoring_ctrl
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
ASCII text, with no line terminators
Size
3 B (3 bytes)
Hash
cf1731f1eadf52f064e6059d699e7615
816201b65af045985cf47b5c7c58089759d00a45
2e34af284c28bf285781a36241b6e00ec74c81e6ae6858d52bdede5ebf7e37c1

HTTP Headers

GET /libtrc/tr5?abgroup=aa_test_for_monitoring_ctrl HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: Varnish
retry-after: 0
content-type: text/html
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:12 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 0
x-timer: S1670057893.929603,VS0,VE0
cache-control: private,max-age=14400
content-length: 3
X-Firefox-Spdy: h2

cdn.taboola.com/libtrc/impl.20221201-24-RELEASE.js

151.101.193.44

200 OK

147 kB

URL HTTP/2
cdn.taboola.com/libtrc/impl.20221201-24-RELEASE.js
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
JSON data\012- , ASCII text
Size
147 kB (146889 bytes)
Hash
e0781ea0fcda3adafcf936855b3f4cd1
794e5868b0265b4ee0f7134d08da1cfcaefa8ac8
5aed54756011f2ed2fb98fa6fa016ef5e51940c341de05a955b61968452b0ca7

HTTP Headers

GET /libtrc/impl.20221201-24-RELEASE.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: rFDrDFdl4BZ4eIl3PtktQYpAVy1RE6POaQ9eRZxo+xxAX1n6SMNyHhkN5nza1KCxHfcBpzMAfto=
x-amz-request-id: PDD8ANKXRASKG9HN
last-modified: Thu, 01 Dec 2022 17:45:55 GMT
etag: "385cfb682512980cfe2f08fd62b6fb64"
content-encoding: br
x-amz-version-id: ofIXx6LEWRAEtEe5ALtgmKE0Y_JueXHu
content-type: application/javascript
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:12 GMT
via: 1.1 varnish
age: 25740
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 9513
x-timer: S1670057893.929707,VS0,VE0
cache-control: private,max-age=31536000
vary: Accept-Encoding
abp: 47
server: AmazonS3-br
content-length: 146699
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8198
Expires: Sat, 03 Dec 2022 11:14:50 GMT
Date: Sat, 03 Dec 2022 08:58:12 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8198
Expires: Sat, 03 Dec 2022 11:14:50 GMT
Date: Sat, 03 Dec 2022 08:58:12 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8198
Expires: Sat, 03 Dec 2022 11:14:50 GMT
Date: Sat, 03 Dec 2022 08:58:12 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8198
Expires: Sat, 03 Dec 2022 11:14:50 GMT
Date: Sat, 03 Dec 2022 08:58:12 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8198
Expires: Sat, 03 Dec 2022 11:14:50 GMT
Date: Sat, 03 Dec 2022 08:58:12 GMT
Connection: keep-alive

facesnotebook.com/de/e4/f2/dee4f2455ab43dc9f44a5f28fcc0dfe7.js

192.243.59.12

200 OK

14 kB

URL HTTP/1.1
facesnotebook.com/de/e4/f2/dee4f2455ab43dc9f44a5f28fcc0dfe7.js
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with very long lines (37192), with no line terminators
Size
14 kB (13460 bytes)
Hash
01188b5c1b8990e94ddf67f231bb8712
1925b102d9ecec5236145cafac787d8c790c2547
e15839987b3897827636a2d66aea72d62fb02fce451f4e5f207266870d3036a3

HTTP Headers

GET /de/e4/f2/dee4f2455ab43dc9f44a5f28fcc0dfe7.js HTTP/1.1
Host: facesnotebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 03 Dec 2022 08:58:12 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 45d8d46465f1753dd2057f44126c89eb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6174 bytes)
Hash
b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 00:57:24 GMT
age: 28849
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F652bfe35-9b09-4fba-b7b5-c6bd90cccdbe.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.1 kB (6119 bytes)
Hash
7ffa12df550123f63b20f67437cd8a04
398fd2d837c73f54c4591b69cd683f29bdf9184a
fd9ac4396488098923c27531295e64475047dd008a901e59915109a73a69f305

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F652bfe35-9b09-4fba-b7b5-c6bd90cccdbe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6119
x-amzn-requestid: cac5842e-2b57-4eda-9b09-27ec8a0b1bf8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMiE7Hq0oAMFzHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381b085-151f123551f999a918de8a3a;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 06:21:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mrS561ug59NStQyD3cH4ndqGvY3QiLVeMFOoC86ktj52PghNjeYa5w==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 20:55:39 GMT
age: 43354
etag: "398fd2d837c73f54c4591b69cd683f29bdf9184a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9715 bytes)
Hash
45182367fd4f8b6dd234eef1022acdb1
d4b3052021ff3ad1dc4134fa25eb12a98e7c17da
a57fadaf74db2fb457cfe761314d56f021d22146f5bdb6a8bf11b6519e8a558d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9715
x-amzn-requestid: c8102cfa-78dc-4d81-ad6a-e16b9132e238
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZO2HQKIAMF8IA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f2b-350c586b568e6565763376bd;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0QkVKyYm9UwlF5FEeli9UsRAQwEi3-c3bMR-QSJxIKRQe7WWT76dGQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:51:06 GMT
age: 40027
etag: "d4b3052021ff3ad1dc4134fa25eb12a98e7c17da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

2.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.9 kB (2942 bytes)
Hash
b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XvG2dAUeB914GQ1qJwQRHovAtra8OSjG-CsXeR8UOBq5r8qVjEbPBQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 05:02:08 GMT
age: 14165
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d568a89-ee21-427a-b971-0d1500164a62.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11942 bytes)
Hash
becc8cdba57494c6fe212eb67634e1eb
c8bd6bd9086e0a52b83b89dfd755e7ebba222fb8
fbb25b88b10a818bb0c6ad385b1e5ba54b87672c73bfa8a9c1ecb17dcc689d5a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d568a89-ee21-427a-b971-0d1500164a62.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11942
x-amzn-requestid: ba8a5d03-7796-4c6d-a6df-3cc71b1c5259
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: chqukGmWoAMFtLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a24c3-609dc90d769060d30a16e3df;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 16:16:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: m6j_3bDGFIAHQYzrZ1zXqUb-HbEJ8XCoGH5mgBFOWRbLzoSiuNBnhg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:59:25 GMT
age: 39528
etag: "c8bd6bd9086e0a52b83b89dfd755e7ebba222fb8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e765102-d7b9-4765-a166-db04ae6113bc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11233 bytes)
Hash
dcdb77a21f91a4a280ac9a8efbc48bbd
74c974eaf1cbdf6c5ae11793e42caf4c4e4cb25d
5ee7c45f21b38c653d03a24b10a190a9e9266226d221b006e787cd3719088d7f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e765102-d7b9-4765-a166-db04ae6113bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11233
x-amzn-requestid: 89afb72e-6967-47d0-a0ad-48cad8cd08e3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIpgOEi0oAMFstg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638022ce-1e8087e734e71d611df75830;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 02:05:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: d9wLy3xAxK6RiYf25v_GFT1gdezT8IzMxaFyGRuGm2nxOBh6uEOg3w==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 22:01:29 GMT
age: 39404
etag: "74c974eaf1cbdf6c5ae11793e42caf4c4e4cb25d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1670057892190&ns_c=UTF-8&c7=https%3A%2F%2Fdownsub.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU&c8=Waiting%20-%20DownSub.com&c9=

143.204.55.96

204 No Content

0 B

URL HTTP/2
sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1670057892190&ns_c=UTF-8&c7=https%3A%2F%2Fdownsub.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU&c8=Waiting%20-%20DownSub.com&c9=
IP
143.204.55.96:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1670057892190&ns_c=UTF-8&c7=https%3A%2F%2Fdownsub.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU&c8=Waiting%20-%20DownSub.com&c9= HTTP/1.1
Host: sb.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Sat, 03 Dec 2022 08:58:14 GMT
set-cookie: UID=16E771c8085bc80e07224361670057894; domain=.scorecardresearch.com; path=/; max-age=62208000
x-cache: Miss from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zz1SOG85nSO0U07IYwv6uFlZORO6toI057HOa3xDUSDySvsy0e0axA==
X-Firefox-Spdy: h2

e1.o.lencr.org/

95.101.11.115

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
22697cff4db5ea5a4c791ce4358a971f
fa4d1ffe6a7354f75e8607231f57a5728e87dfb3
61575c6d3a055a65d09622357da8cdf97d57b96ed8d1d4a7360bd8432931d638

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "61575C6D3A055A65D09622357DA8CDF97D57B96ED8D1D4A7360BD8432931D638"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19881
Expires: Sat, 03 Dec 2022 14:29:35 GMT
Date: Sat, 03 Dec 2022 08:58:14 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
833966236f5c9d8b8d1e09b852260dec
aead33bed8028b01b7504060382e14dc3b044524
0908f25e82681caf3a15895e5ed7c2c7a78de49404e7b4d940146dbd864c7cbb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

i.ytimg.com/vi/ih14zfnQHPU/hqdefault.jpg?sqp=-oaymwEiCKgBEF5IWvKriqkDFQgBFQAAAAAYASUAAMhCPQCAokN4AQ==&rs=AOn4CLC6OhpKGfIS0o8NVcCXg1iNg27R0w

142.250.74.118

200 OK

7.5 kB

URL HTTP/2
i.ytimg.com/vi/ih14zfnQHPU/hqdefault.jpg?sqp=-oaymwEiCKgBEF5IWvKriqkDFQgBFQAAAAAYASUAAMhCPQCAokN4AQ==&rs=AOn4CLC6OhpKGfIS0o8NVcCXg1iNg27R0w
IP
142.250.74.118:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 168x94, components 3\012- data
Size
7.5 kB (7472 bytes)
Hash
21306348bff51fbcef1f1107e72232df
69c7135c16cba5524e0cd5a471b74cfefae26edb
54a0c6ad1208bf72108a69bb0927a73ee5a2e55a1db1c476f0a7ef22c06c3dac

HTTP Headers

GET /vi/ih14zfnQHPU/hqdefault.jpg?sqp=-oaymwEiCKgBEF5IWvKriqkDFQgBFQAAAAAYASUAAMhCPQCAokN4AQ==&rs=AOn4CLC6OhpKGfIS0o8NVcCXg1iNg27R0w HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 7472
date: Sat, 03 Dec 2022 08:58:14 GMT
expires: Sat, 03 Dec 2022 10:58:14 GMT
cache-control: public, max-age=7200
etag: "1634733682"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
833966236f5c9d8b8d1e09b852260dec
aead33bed8028b01b7504060382e14dc3b044524
0908f25e82681caf3a15895e5ed7c2c7a78de49404e7b4d940146dbd864c7cbb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
8be4570a1d9d09c7b793e97ee1f6edaf
cb101195afa0dbb473bcd5050ee2ab4a25af825f
b69ece6aab66eec92b6b3bd8c8e6febd027c8dac1a86faaed1b217dec8e784b1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 03 Dec 2022 08:58:14 GMT
Last-Modified: Sat, 03 Dec 2022 07:38:04 GMT
Server: ECS (nyb/1D2F)
X-Cache: Miss from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: itJRFG1TOkrMT-HJtxPH7Zy8lRqHO_MajMh65IrzA6h9iXTTU6QIEQ==
Age: 4810

simplewebanalysis.com/stats

18.185.190.54

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
18.185.190.54:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
4e052a16e3af9b329a99aeef6e2aed41
a58fb51a0788926fa72e4e442e5b16bbf8e7a1e1
590fcff53265e84493e47aa0b5e5e48494079ff8496d69bb8aa611606a6822bc

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:14 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://downsub.com
access-control-allow-credentials: true
set-cookie: uid_id2=91f89ce6-34a0-4911-bffb-5342953657bb:2:1; expires=Tue, 30 Nov 2032 08:58:14 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

e1.o.lencr.org/

95.101.11.115

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
22697cff4db5ea5a4c791ce4358a971f
fa4d1ffe6a7354f75e8607231f57a5728e87dfb3
61575c6d3a055a65d09622357da8cdf97d57b96ed8d1d4a7360bd8432931d638

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "61575C6D3A055A65D09622357DA8CDF97D57B96ED8D1D4A7360BD8432931D638"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19881
Expires: Sat, 03 Dec 2022 14:29:35 GMT
Date: Sat, 03 Dec 2022 08:58:14 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
751e53a165aacea66a3736c42ae05095
bc9f28be437eacdbbb07405591f8a98d46ca6b75
2224a82e8bcee8ef6aedb550689943153a26021bfe9c8071a760e199610af02f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2224A82E8BCEE8EF6AEDB550689943153A26021BFE9C8071A760E199610AF02F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8611
Expires: Sat, 03 Dec 2022 11:21:45 GMT
Date: Sat, 03 Dec 2022 08:58:14 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
1d01c48aceb0aa610a1769d1398e403d
7c5e8e14bc685af339a979ceef6c2942994bd86e
925a72d059b45264690446d0e004cf1a96d4be10dbf614ad51113af07e82404a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5157
Cache-Control: max-age=99273
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:14 GMT
Etag: "6389dc4a-139"
Expires: Sun, 04 Dec 2022 12:32:47 GMT
Last-Modified: Fri, 02 Dec 2022 11:06:50 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 313

trc-events.taboola.com/downsub/log/2/debug?tim=08%3A58%3A12.388&type=usage&msg=rtus&llvl=2&id=4844&cv=20221201-24-RELEASE&lt=aa_test_for_monitoring_ctrl&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D

141.226.228.48

204 No Content

0 B

URL HTTP/2
trc-events.taboola.com/downsub/log/2/debug?tim=08%3A58%3A12.388&type=usage&msg=rtus&llvl=2&id=4844&cv=20221201-24-RELEASE&lt=aa_test_for_monitoring_ctrl&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
IP
141.226.228.48:0
ASN
#200478 Taboola.com ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /downsub/log/2/debug?tim=08%3A58%3A12.388&type=usage&msg=rtus&llvl=2&id=4844&cv=20221201-24-RELEASE&lt=aa_test_for_monitoring_ctrl&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: nginx
date: Sat, 03 Dec 2022 08:58:14 GMT
x-fastly-to-nlb-rtt: 22107
access-control-allow-credentials: true
X-Firefox-Spdy: h2

soldierreproduceadmiration.com/cb/2a/94/cb2a94ca455a4afd1cd8d8ea24681238.js

173.233.137.36

200 OK

29 kB

URL HTTP/1.1
soldierreproduceadmiration.com/cb/2a/94/cb2a94ca455a4afd1cd8d8ea24681238.js
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
29 kB (28771 bytes)
Hash
887dcee3f561bcd8c68a281c659e2982
989ec5192a7dd5ba442d8d63c0173fb2668780f1
eff3e5ab72359dbb5c6ae9dcff58b8dfa4fe63f18bb0f6cb842762057a99bbd9

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /cb/2a/94/cb2a94ca455a4afd1cd8d8ea24681238.js HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Dec 2022 08:58:14 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: be6618bc90c9960b9d02e0074241274f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

trc.taboola.com/downsub/trc/3/json?tim=08%3A58%3A12.393&lti=aa_test_for_monitoring_ctrl&data=%7B%22id%22%3A565%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1669918997404%2C%22vi%22%3A1670057892391%2C%22cv%22%3A%2220221201-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdownsub.com%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22pev%22%3A8050%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fdownsub.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22vpi%22%3A%22%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A6775%2C%22qs%22%3A%22%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22alternating-thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A201%2C%22mw%22%3A547.5%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Head%20of%20article%22%2C%22orig_uip%22%3A%22Head%20of%20article%22%2C%22cd%22%3A473.5%2C%22mw%22%3A559.5%7D%5D%2C%22cacheKey%22%3A%22text%3D%2F%2CBelow%20Article%20Thumbnails%3Dalternating-thumbnails-a%3Aabp%3D0%2C%2CHead%20of%20article%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22aa_test_for_monitoring_ctrl%22%7D&llvl=2

151.101.193.44

200 OK

25 kB

URL HTTP/2
trc.taboola.com/downsub/trc/3/json?tim=08%3A58%3A12.393&lti=aa_test_for_monitoring_ctrl&data=%7B%22id%22%3A565%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1669918997404%2C%22vi%22%3A1670057892391%2C%22cv%22%3A%2220221201-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdownsub.com%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22pev%22%3A8050%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fdownsub.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22vpi%22%3A%22%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A6775%2C%22qs%22%3A%22%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22alternating-thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A201%2C%22mw%22%3A547.5%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Head%20of%20article%22%2C%22orig_uip%22%3A%22Head%20of%20article%22%2C%22cd%22%3A473.5%2C%22mw%22%3A559.5%7D%5D%2C%22cacheKey%22%3A%22text%3D%2F%2CBelow%20Article%20Thumbnails%3Dalternating-thumbnails-a%3Aabp%3D0%2C%2CHead%20of%20article%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22aa_test_for_monitoring_ctrl%22%7D&llvl=2
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
data
Size
25 kB (24984 bytes)
Hash
dddd31067756c027c32a59d69f774edf
086f5cd151a58aa613d3e3df27d138d849525a69
a8e18276acb33f8f8e46dcec52f347480723916171c0f0c408fefc3238363904

HTTP Headers

GET /downsub/trc/3/json?tim=08%3A58%3A12.393&lti=aa_test_for_monitoring_ctrl&data=%7B%22id%22%3A565%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1669918997404%2C%22vi%22%3A1670057892391%2C%22cv%22%3A%2220221201-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdownsub.com%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22pev%22%3A8050%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fdownsub.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22vpi%22%3A%22%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A6775%2C%22qs%22%3A%22%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22alternating-thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A201%2C%22mw%22%3A547.5%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Head%20of%20article%22%2C%22orig_uip%22%3A%22Head%20of%20article%22%2C%22cd%22%3A473.5%2C%22mw%22%3A559.5%7D%5D%2C%22cacheKey%22%3A%22text%3D%2F%2CBelow%20Article%20Thumbnails%3Dalternating-thumbnails-a%3Aabp%3D0%2C%2CHead%20of%20article%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22aa_test_for_monitoring_ctrl%22%7D&llvl=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://downsub.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670057895.756340,VS0,VE264
vary: Accept-Encoding
x-vcl-time-ms: 264
X-Firefox-Spdy: h2

soldierreproduceadmiration.com/sbar.json?key=dee4f2455ab43dc9f44a5f28fcc0dfe7&uuid=91f89ce6-34a0-4911-bffb-5342953657bb%3A2%3A1

173.233.137.36

200 OK

4.2 kB

URL HTTP/1.1
soldierreproduceadmiration.com/sbar.json?key=dee4f2455ab43dc9f44a5f28fcc0dfe7&uuid=91f89ce6-34a0-4911-bffb-5342953657bb%3A2%3A1
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
JSON data\012- , ASCII text, with very long lines (6185), with no line terminators
Size
4.2 kB (4236 bytes)
Hash
e5243ac5567148a0733a6b0ad2b74b28
9c2efcc3fffef1fba38874e7049ed62dd8ebb3bd
c8c2b436c900b95a47ed3570f06db700b9cc2038e0ca1bc193a1d9f778dd40c4

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /sbar.json?key=dee4f2455ab43dc9f44a5f28fcc0dfe7&uuid=91f89ce6-34a0-4911-bffb-5342953657bb%3A2%3A1 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Dec 2022 08:58:15 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://downsub.com
Access-Control-Allow-Origin: https://downsub.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15809635; expires=Sun, 04 Dec 2022 08:58:15 GMT; secure; SameSite=None
uid_id2=91f89ce6-34a0-4911-bffb-5342953657bb:2:1; expires=Sat, 10 Dec 2022 08:58:15 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 04 Dec 2022 08:58:15 GMT; secure; SameSite=None
uncs=1; expires=Sun, 04 Dec 2022 08:58:15 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 04 Dec 2022 08:58:15 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 04 Dec 2022 08:58:15 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0caa71d4d7c479bc80e6f9383dfeab75
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

whiskerssituationdisturb.com/pixel/purst?dl=0&th=0&sc=0&rs=4532&rd=4532&fd=714&bv=22.10.v.10&tmpl=136

173.233.137.36

200 OK

0 B

URL HTTP/1.1
whiskerssituationdisturb.com/pixel/purst?dl=0&th=0&sc=0&rs=4532&rd=4532&fd=714&bv=22.10.v.10&tmpl=136
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=4532&rd=4532&fd=714&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Dec 2022 08:58:15 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.taboola.com/libtrc/floating-unit.20221201-24-RELEASE.es6.js

151.101.193.44

200 OK

2.5 kB

URL HTTP/2
cdn.taboola.com/libtrc/floating-unit.20221201-24-RELEASE.es6.js
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (7796)
Size
2.5 kB (2473 bytes)
Hash
465667cc7c3b638155a09b29b60c532e
339838058ed5db1d02ef5dd70b84cee157a92674
caf89253612ae8f51021b89531b3162a52299c977376951817e36922378b6779

HTTP Headers

GET /libtrc/floating-unit.20221201-24-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: A+D60FNNRJoJX+7jJkHJYABNv5I9bRl67XdNcc9eVJWOi5oIXxosD8RfuLEu5e7k0HbIuP5i/t0=
x-amz-request-id: RFVF3KYGQ780QA7C
x-amz-replication-status: PENDING
last-modified: Thu, 01 Dec 2022 18:01:00 GMT
etag: "df99baa8f2c699ce2bac3b20f140f236"
x-amz-version-id: IjzaCj1Hmi86fE2Zqv5YDKoEAdL_3_bK
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
via: 1.1 varnish
age: 14
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1670057896.510867,VS0,VE1
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 47
content-length: 2473
X-Firefox-Spdy: h2

cdn.taboola.com/libtrc/taboola-vignette-new-scanning.20221201-24-RELEASE.es6.js

151.101.193.44

200 OK

7.6 kB

URL HTTP/2
cdn.taboola.com/libtrc/taboola-vignette-new-scanning.20221201-24-RELEASE.es6.js
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (26026)
Size
7.6 kB (7557 bytes)
Hash
23a724c195a564a56b642c0b40338d73
2bf715718db9c4380a1c889d2da3773fc09f0a07
366094c5eae836282e76976c1589a6f316eb0877ffb88b68fe9ed85f4a848c7b

HTTP Headers

GET /libtrc/taboola-vignette-new-scanning.20221201-24-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: zjsIRZFF8B2KDQ5HeZ8SgZTagEMZDrd+XIggA5WrLrusa2EvYBsyVGZYz+k/alpY1DxH2TqIeFk=
x-amz-request-id: XYD3H00CVTK23JJF
x-amz-replication-status: PENDING
last-modified: Thu, 01 Dec 2022 18:02:56 GMT
etag: "f22f818d304aaf3147a7332209833b6f"
x-amz-version-id: fNrvQWAnzqxl0c.BkakTgvkTZfMkXSJ6
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
via: 1.1 varnish
age: 15
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1670057896.511552,VS0,VE1
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 47
content-length: 7557
X-Firefox-Spdy: h2

cdn.taboola.com/libtrc/feed-card-placeholder.20221201-24-RELEASE.es6.js

151.101.193.44

200 OK

1.3 kB

URL HTTP/2
cdn.taboola.com/libtrc/feed-card-placeholder.20221201-24-RELEASE.es6.js
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (4627)
Size
1.3 kB (1263 bytes)
Hash
01fe734a92d8952a6b115ec21c8a0aa7
5a8cdae4a2b7484b7f387c72d731f67784b67a26
4315d20d971dcc8964c5934441d2ffe8200de65c7479c11c0a87f9ae8902a2fb

HTTP Headers

GET /libtrc/feed-card-placeholder.20221201-24-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: Z5ZbdktwWvg7sPVgyHWE+YX1nu82BVOIpgBMD//dRbRs6JZ3m6D4rQO6IYFeG7WSKDFKhAMftkw=
x-amz-request-id: 987S7DJ2ZTEZYZ0V
x-amz-replication-status: PENDING
last-modified: Thu, 01 Dec 2022 18:00:37 GMT
etag: "427b7a4a33a7a67f6843aaa90bcf2843"
x-amz-version-id: 8wlaJp7z8l2oUx_rUfIVaEcgiAU4R7Lg
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
via: 1.1 varnish
age: 35
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 12
x-timer: S1670057896.512902,VS0,VE0
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 47
content-length: 1263
X-Firefox-Spdy: h2

cdn.taboola.com/libtrc/userx.20221201-24-RELEASE.es6.js

151.101.193.44

200 OK

5.4 kB

URL HTTP/2
cdn.taboola.com/libtrc/userx.20221201-24-RELEASE.es6.js
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (17842)
Size
5.4 kB (5398 bytes)
Hash
3767da295d90d4c24af46376d07d5cde
ab04b6b8786df6bc95a073872f61937f1b13eeb2
ac5acd527482d71c4e70c82d6d487ed41dc65bed1acf1759b6bc9d863e6e563e

HTTP Headers

GET /libtrc/userx.20221201-24-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: qMZYEpAgENcZNG+9XK3eH6EoB170TC4Taq/jEXHxbB6WGtDcHZAZIX/26auQKENc8X8eX20WSgw=
x-amz-request-id: 1MV75WX5S7VBM1F7
x-amz-replication-status: COMPLETED
last-modified: Thu, 01 Dec 2022 18:03:33 GMT
etag: "16f67637ac3bc1b6ccd63e6d03c34457"
x-amz-version-id: odjpI9TqiU291.wDPAnq80pQaadNJReA
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
via: 1.1 varnish
age: 26
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 3
x-timer: S1670057896.513187,VS0,VE0
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 47
content-length: 5398
X-Firefox-Spdy: h2

cdn.taboola.com/libtrc/cta-component.20221201-24-RELEASE.es6.js

151.101.193.44

200 OK

5.1 kB

URL HTTP/2
cdn.taboola.com/libtrc/cta-component.20221201-24-RELEASE.es6.js
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (18924)
Size
5.1 kB (5108 bytes)
Hash
097452294092fc25721469609592f359
5b14996d97963c902ad7034897a9f914f4696518
c56b8ed6d07b7bb7455dcd3aa30c5d5f44790255d337c8108437ae5e5a19c089

HTTP Headers

GET /libtrc/cta-component.20221201-24-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: fSF1w07qG0aGqJPY9sOjRIKcSIPfd/lBKGLyhY+i2Dzq4LOAjlJlMPV3IBMfiLreeZFYt9kelds=
x-amz-request-id: PACX9XBENXJVZPM7
x-amz-replication-status: PENDING
last-modified: Thu, 01 Dec 2022 18:00:06 GMT
etag: "9a21c0b5013b1bb1179b3dde32389dd1"
x-amz-version-id: 4UU1nAGQojTpTtMCWdLaApN2yCk9QAPx
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
via: 1.1 varnish
age: 5
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 4
x-timer: S1670057896.513920,VS0,VE0
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 47
content-length: 5108
X-Firefox-Spdy: h2

cdn.taboola.com/static/f8/f89e1763-220d-4e09-ba69-9e040548fb7a.svg

151.101.193.44

200 OK

1.8 kB

URL HTTP/2
cdn.taboola.com/static/f8/f89e1763-220d-4e09-ba69-9e040548fb7a.svg
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (4146), with no line terminators
Size
1.8 kB (1758 bytes)
Hash
034656ebd1be218c629e97e2ebc2fbd9
ffdaa8a31d597c32b08c8bc716fa17a9dda01c9a
aa98d5c3b1486984e3824c8801c59f6117583cab7d19d46909c722a647c61ceb

HTTP Headers

GET /static/f8/f89e1763-220d-4e09-ba69-9e040548fb7a.svg HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: kS83T3TgauYXyuzOsVM2PVjje2tOJt8fRmnXEEXPUWAkl0HdE8aPsYe6IKoetq2QfHvDFnDwtvM=
x-amz-request-id: 6P3270VTZ1MQZDAM
x-amz-replication-status: COMPLETED
last-modified: Wed, 07 Feb 2018 11:15:52 GMT
etag: "b8b410e4b18d45aa2f3d9bc09cd335fb"
x-amz-version-id: cMrDKn.emLmm9kiiOOF64ulDT4DRy6LK
content-type: image/svg+xml
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
via: 1.1 varnish
age: 1
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1670057896.515857,VS0,VE0
cache-control: private,max-age=31536000
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: *
vary: Accept-Encoding
abp: 47
content-length: 1758
X-Firefox-Spdy: h2

vidstat.taboola.com/lite-unit/3.9.8/UnitFeedManagerDesktop.min.js

151.101.193.44

200 OK

30 kB

URL HTTP/2
vidstat.taboola.com/lite-unit/3.9.8/UnitFeedManagerDesktop.min.js
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (65536), with no line terminators
Size
30 kB (30422 bytes)
Hash
9745b6adb8e9b5989ec0a6549ab91a54
76b57e32693c32daecf75a189604d45dd9b0bee1
d2091155a789c3a96c5cbb0bb5ec76a4a4caf0270bc6e245f7fdcd097643f0fa

HTTP Headers

GET /lite-unit/3.9.8/UnitFeedManagerDesktop.min.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 22 Nov 2022 07:02:09 GMT
etag: "7fcf5cdb23e918c79141cd7bbdf0b9cc"
server: AmazonS3
via: 1.1 301faf3f65621d2ccd9fad88788c128a.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 4V4gXyIcI4L9vzR78J9Vk5QfuoxBnr_pFntuuBlgEBfiPKebvmGtGw==
cache-control: public, max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 957337
x-served-by: cache-bma1659-BMA
x-cache: Hit from cloudfront, HIT
x-cache-hits: 26128
x-timer: S1670057896.516898,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 30422
X-Firefox-Spdy: h2

cdn.taboola.com/libtrc/static/video/v1659348071/udzke7q4a7y642spip6z.mp4

151.101.193.44

206 Partial Content

457 kB

URL HTTP/2
cdn.taboola.com/libtrc/static/video/v1659348071/udzke7q4a7y642spip6z.mp4
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size
457 kB (456570 bytes)
Hash
453bff809f1a5a1553009fa320f0685d
83005cd6c947a7f7e8eee6e1098c136908cf2cf7
3e4b53067bfc7e530a6111000c95f15f39f03fb38683b62a7d1d4d419a46e06d

HTTP Headers

GET /libtrc/static/video/v1659348071/udzke7q4a7y642spip6z.mp4 HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 206 Partial Content
x-amz-id-2: /xZsC5/lo7i8wqqWqAb+St97M1K3z79Qo/KS+cQuS2vzFu/MbVPh+Y28BP5F4RDtV7w5IUI6Hsw=
x-amz-request-id: JQJSGVJ7X9RP0XZF
x-amz-replication-status: COMPLETED
last-modified: Mon, 01 Aug 2022 10:01:18 GMT
etag: "453bff809f1a5a1553009fa320f0685d"
x-amz-version-id: 55DdvObX3vDLZkwgT0pwKJ1KzWcOVrdS
content-type: video/mp4;codecs=avc1
server: AmazonS3
accept-ranges: bytes
age: 22
content-range: bytes 0-456569/456570
date: Sat, 03 Dec 2022 08:58:15 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 0
x-timer: S1670057896.516514,VS0,VE1
cache-control: private,max-age=31536000
abp: 47
content-length: 456570
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_690%2Cw_920%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png

151.101.193.44

200 OK

55 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_690%2Cw_920%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
55 kB (54758 bytes)
Hash
66bfadba97d99ad0f01937e3c5aaf23d
b39467fd69f8649d2f9cded664d349c8121727a7
175589375fc4c83fb11b21c458a810e7d3151e4947b16683860ea916cef8934a

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_690%2Cw_920%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 487162476531458489843398520959864332831,380557120827242204309196295110066286773,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 487162476531458489843398520959864332831,380557120827242204309196295110066286773,29ecf9b93bbf306179626feeda1fab70
etag: "07d69fa728d4e810fea8f4dc1ee3ee9f"
expiration: expiry-date="Mon, 21 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Fri, 21 Oct 2022 17:57:36 GMT
req-referer: http://oqn.rse.argus.int/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 291
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 1525203
x-served-by: cache-iad-kjyo7100150-IAD, cache-iad-kjyo7100135-IAD, cache-bur-kbur8200073-BUR, cache-iad-kcgs7200102-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, HIT, HIT, HIT
x-cache-hits: 0, 0, 1, 1, 1
x-timer: S1670057896.517155,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_690%2Cw_920%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png
x-vcl-time-ms: 1
content-length: 54758
X-Firefox-Spdy: h2

get-info.downsub.com/eyJjdCI6InhMQjNSMmRhVjIzQkxEZzJpR0hzS3c9PSIsIml2IjoiOGUyYTgyMTFmMzg5ZjdjMzI0MTQzZDJhZTE5ZjhmN2UiLCJzIjoiMmQ2NTBkOTk4NTk2NGExOCJ9

172.67.204.139

200 OK

86 kB

URL HTTP/2
get-info.downsub.com/eyJjdCI6InhMQjNSMmRhVjIzQkxEZzJpR0hzS3c9PSIsIml2IjoiOGUyYTgyMTFmMzg5ZjdjMzI0MTQzZDJhZTE5ZjhmN2UiLCJzIjoiMmQ2NTBkOTk4NTk2NGExOCJ9
IP
172.67.204.139:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (65526), with no line terminators
Size
86 kB (86415 bytes)
Hash
c4a5a8a30ee2fcac0b3ac44226ddf3a7
b8fbb2c006df0668eaf7b8c3273bcc0bfb81f926
ef313d1c281e3562a021ee75fa27295518f4763ae4fc989067bf9fc1fa08d6aa

HTTP Headers

GET /eyJjdCI6InhMQjNSMmRhVjIzQkxEZzJpR0hzS3c9PSIsIml2IjoiOGUyYTgyMTFmMzg5ZjdjMzI0MTQzZDJhZTE5ZjhmN2UiLCJzIjoiMmQ2NTBkOTk4NTk2NGExOCJ9 HTTP/1.1
Host: get-info.downsub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:12 GMT
content-type: application/json
access-control-allow-origin: https://downsub.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GkDf5WnkppAw%2F6NhFAJCbLOhqinHxXXb9%2FJIZcILVhC56xlyOWe30PP5U6%2BBQy8blYoufQKFrxXcipKQSU2%2B3sE35WlmlOUcLKJnPQRxsB5JSJxQLWWSN6RV5KzvRx0Jp8FN12jFfg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773b19619c7c1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/1883672742cec3f5f36fa85a1d94cebd.jpg

151.101.193.44

200 OK

7.9 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/1883672742cec3f5f36fa85a1d94cebd.jpg
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
7.9 kB (7860 bytes)
Hash
bf25b96c4823078e53b31f8557f2bdbd
2ce715fe73411e6703324d5483309cc340681242
70250bf85b89f2986de811a4a10dbeea364d7db93208068263241759e13d572d

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/1883672742cec3f5f36fa85a1d94cebd.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 457048565967574064239965785660858476183,441326658986685637957213755838494944928,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 457048565967574064239965785660858476183,441326658986685637957213755838494944928,29ecf9b93bbf306179626feeda1fab70
etag: "9bc89f05e005b843f3871224ca05ef33"
last-modified: Fri, 14 Oct 2022 04:02:35 GMT
req-referer: https://www.dailynews.co.th/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 4f784b86401ab6626545125ee15c87cf
x-envoy-upstream-service-time: 467
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 2410530
x-served-by: cache-iad-kiad7000158-IAD, cache-iad-kcgs7200168-IAD, cache-lga21951-LGA, cache-iad-kjyo7100060-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 2, 1
x-timer: S1670057896.526121,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/1883672742cec3f5f36fa85a1d94cebd.jpg
x-vcl-time-ms: 1
content-length: 7860
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png

151.101.193.44

200 OK

6.5 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
6.5 kB (6478 bytes)
Hash
0f6f183cb6fea10e684805cfcf44c995
67af73f9c8b4d79e9743b4dfe8972ef02f5c9e11
28cdbd83382d5f532d3ff4f588b42cff299dd9c513d0aa1bd203a417daaa71c5

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 522386631016027178862069804243359678773,523272642140522660213979017363544863538,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 522386631016027178862069804243359678773,523272642140522660213979017363544863538,29ecf9b93bbf306179626feeda1fab70
etag: "4a9f4a3b5712deea865ef5eb8f70ef63"
last-modified: Wed, 30 Nov 2022 04:33:40 GMT
req-referer: https://www.nbcnews.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 167c91b6b288b7cc9bf47ee75bfabd89
x-envoy-upstream-service-time: 169
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 274416
x-served-by: cache-iad-kcgs7200113-IAD, cache-iad-kiad7000063-IAD, cache-chi-kigq8000175-CHI, cache-iad-kiad7000150-IAD, cache-bma1659-BMA
x-cache: MISS, HIT, HIT, HIT, HIT
x-cache-hits: 0, 2, 1, 16, 1
x-timer: S1670057896.526147,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png
x-vcl-time-ms: 1
content-length: 6478
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4dcae61741335c7a83abf136fe4b5ef9.jpg

151.101.193.44

200 OK

2.7 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4dcae61741335c7a83abf136fe4b5ef9.jpg
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.7 kB (2680 bytes)
Hash
ddea64bdf74b2e59d86b0de1b3a1ea5b
765bc49ea78b1d5a379a691df59e188ba3dde6ba
f9115f66d470460b2c6b6d6e2e552d566c2efead09d3eacc0c839a5581e052bb

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4dcae61741335c7a83abf136fe4b5ef9.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 472065738987423655202224203246839100517,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 472065738987423655202224203246839100517,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
etag: "850ef27ddc6d28c050fa9319d44f9892"
last-modified: Mon, 10 Oct 2022 21:54:40 GMT
req-referer: https://pacificadvocate.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: e0025073a8ae45971f3af197994fe623
x-envoy-upstream-service-time: 89
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 4609705
x-served-by: cache-iad-kiad7000029-IAD, cache-iad-kjyo7100052-IAD, cache-lax10638-LGB, cache-iad-kcgs7200127-IAD, cache-bma1659-BMA
x-cache: MISS, HIT, HIT, HIT, HIT
x-cache-hits: 0, 1, 1, 5989, 1
x-timer: S1670057896.526165,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4dcae61741335c7a83abf136fe4b5ef9.jpg
x-vcl-time-ms: 1
content-length: 2680
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/FKF/1343562790__MXQq0Cuc.jpg

151.101.193.44

200 OK

17 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/FKF/1343562790__MXQq0Cuc.jpg
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
17 kB (17020 bytes)
Hash
6b340cb16201f3aeba290f99fd324de2
f969e4b070d67bf6947336160d7ea7703664e556
c9249c299756cfa8ca73b2b6e2faf9b6c1ac3b1c265a29c1993fdfcb95fe6030

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/FKF/1343562790__MXQq0Cuc.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 604581218713115417347316970314287167264,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 604581218713115417347316970314287167264,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
etag: "cd57e4f9f28b52579d496b3e3fbac088"
expiration: expiry-date="Fri, 21 Oct 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Tue, 20 Sep 2022 09:01:57 GMT
req-referer: https://www.middletownpress.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 79
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 4132519
x-served-by: cache-iad-kiad7000108-IAD, cache-iad-kcgs7200175-IAD, cache-lga21973-LGA, cache-iad-kjyo7100027-IAD, cache-bma1659-BMA
x-cache: HIT, HIT, MISS, HIT, HIT
x-cache-hits: 1, 4, 0, 49, 1
x-timer: S1670057896.526131,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/FKF/1343562790__MXQq0Cuc.jpg
x-vcl-time-ms: 1
content-length: 17020
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1067109326__i5Louzff.jpg

151.101.193.44

200 OK

18 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1067109326__i5Louzff.jpg
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
18 kB (18214 bytes)
Hash
93bb22685547b93e4bacd88db60e9970
7c31a82757680ab5de2ca0adbe59e38edfa166ff
45c4cc5ee6aeab1f03372b295de3edfa495711a4646ccac87efeedd3fbf504fe

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1067109326__i5Louzff.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 403205419503941504880473950173344994390,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 403205419503941504880473950173344994390,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
etag: "05e07b7d377f27fbaa43309197fae0fc"
last-modified: Fri, 23 Sep 2022 08:34:35 GMT
req-referer: https://www.herzindagi.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: bcfec54a47ca2cd7ef311b62c26ecf30
x-envoy-upstream-service-time: 107
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 6126500
x-served-by: cache-iad-kiad7000115-IAD, cache-iad-kjyo7100131-IAD, cache-lga21945-LGA, cache-iad-kjyo7100082-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, HIT, HIT, HIT
x-cache-hits: 0, 0, 1, 7, 1
x-timer: S1670057896.526189,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1067109326__i5Louzff.jpg
x-vcl-time-ms: 1
content-length: 18214
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/nmzQd8z/HybridCars.jpg

151.101.193.44

200 OK

7.0 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/nmzQd8z/HybridCars.jpg
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
7.0 kB (6972 bytes)
Hash
0fdc143e052900c4490aa6f798117b5b
b875de9d6309a3735e342e5dacabc633da6c20bc
78fa943a958ce3d6cebe31b0df05b8cc161476e86a1f37595bbe27f31d44ccc5

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/nmzQd8z/HybridCars.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 389772115782525208472606412026822934037,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 389772115782525208472606412026822934037,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
etag: "ac9bf38df6e68c3cd35f6ee5d3c75aaa"
last-modified: Sun, 16 Oct 2022 03:21:53 GMT
req-referer: https://article.auone.jp/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 241d46e5f107fcb6b830a99fdaa5a3ba
x-envoy-upstream-service-time: 318
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 3337017
x-served-by: cache-iad-kjyo7100161-IAD, cache-iad-kiad7000088-IAD, cache-bur-kbur8200159-BUR, cache-iad-kjyo7100020-IAD, cache-bma1659-BMA
x-cache: HIT, MISS, MISS, HIT, HIT
x-cache-hits: 1, 0, 0, 10, 1
x-timer: S1670057896.527533,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/nmzQd8z/HybridCars.jpg
x-vcl-time-ms: 1
content-length: 6972
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png

151.101.193.44

200 OK

9.8 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
9.8 kB (9812 bytes)
Hash
1cfb032751e5b844217ece66cfe92665
dd689708f1c7fd7a8383c6acb82fc314be6a922d
72319cf0a093db58b8c5e66755a48539973592f5b38d669266651f875a644265

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 487162476531458489843398520959864332831,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 487162476531458489843398520959864332831,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "b2437807220ef050d2a53a3d8c6d5c5b"
expiration: expiry-date="Sat, 24 Sep 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Wed, 24 Aug 2022 19:30:17 GMT
req-referer: https://weather.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 21
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 6362607
x-served-by: cache-iad-kjyo7100167-IAD, cache-iad-kjyo7100167-IAD, cache-bur-kbur8200179-BUR, cache-iad-kiad7000031-IAD, cache-bma1659-BMA
x-cache: MISS, HIT, HIT, HIT, HIT
x-cache-hits: 0, 3, 1, 60, 1
x-timer: S1670057896.526045,VS0,VE2
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png
x-vcl-time-ms: 2
content-length: 9812
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8c2d9cc1b6ed082b1a1c6bd064dbcf12.png

151.101.193.44

200 OK

7.3 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8c2d9cc1b6ed082b1a1c6bd064dbcf12.png
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
7.3 kB (7290 bytes)
Hash
9fd0d7b050575cf0ec779e9b88d84cda
064725046e149db62be96039b894f70d8b3562cd
2b68f8d0e34db66ffa0ebe451171dff000c4652a9df3658abcdc8b1c2254ada7

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8c2d9cc1b6ed082b1a1c6bd064dbcf12.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 428701243045603640453120565822597348905,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 428701243045603640453120565822597348905,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
etag: "b0b1d1bc63cf10b78224c1a33adadfd9"
expiration: expiry-date="Fri, 07 Oct 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Tue, 06 Sep 2022 09:16:17 GMT
req-referer: https://www.corriere.it/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 184
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 5197863
x-served-by: cache-iad-kjyo7100054-IAD, cache-iad-kiad7000142-IAD, cache-lga21966-LGA, cache-iad-kcgs7200096-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 2167, 1
x-timer: S1670057896.527451,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8c2d9cc1b6ed082b1a1c6bd064dbcf12.png
x-vcl-time-ms: 1
content-length: 7290
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png

151.101.193.44

200 OK

3.7 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
3.7 kB (3668 bytes)
Hash
06f469e087d762cfc4981210f1bb077e
972803ea7a61577ef9f49bd30b168ab3f0fc5458
031806cd041cd01cdf65daca7f44703ea483afbca19534f3902afc0047da3fd7

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 522386631016027178862069804243359678773,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 522386631016027178862069804243359678773,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "1bfa6c852c795aaa2c9c1d3dee5248c2"
last-modified: Wed, 30 Nov 2022 04:33:39 GMT
req-referer: https://ads.taboola.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 86618c822255d03566fa882bef8d6eda
x-envoy-upstream-service-time: 701
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 275076
x-served-by: cache-iad-kiad7000174-IAD, cache-iad-kiad7000091-IAD, cache-lga21931-LGA, cache-iad-kcgs7200092-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 35, 1
x-timer: S1670057896.527647,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png
x-vcl-time-ms: 1
content-length: 3668
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//thikj.com/content/44f75318-0ed9-458e-b3df-c26eca56196b

151.101.193.44

200 OK

18 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//thikj.com/content/44f75318-0ed9-458e-b3df-c26eca56196b
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
18 kB (18068 bytes)
Hash
b261b8b64e1cfa48eb580fc085ee4524
9b7a56f3d223e991026c7e3d09e2863063d5dcd1
ee75d123a1f230595d5a927468a90534d01c2321d0956a34fd8cfb3c26f3a76b

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//thikj.com/content/44f75318-0ed9-458e-b3df-c26eca56196b HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 296865200012153021629129550364907341594,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 296865200012153021629129550364907341594,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
etag: "379ea22c087d556578e17aa21979a8f4"
expiration: expiry-date="Tue, 22 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Sat, 22 Oct 2022 07:31:21 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 1674
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 3309878
x-served-by: cache-iad-kcgs7200131-IAD, cache-iad-kcgs7200045-IAD, cache-bur-kbur8200069-BUR, cache-iad-kiad7000177-IAD, cache-bma1659-BMA
x-cache: HIT, MISS, MISS, HIT, HIT
x-cache-hits: 1, 0, 0, 1, 1
x-timer: S1670057896.527507,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//thikj.com/content/44f75318-0ed9-458e-b3df-c26eca56196b
x-vcl-time-ms: 1
content-length: 18068
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6a33a7163b768f590848c698f93d41ea.jpg

151.101.193.44

200 OK

6.6 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6a33a7163b768f590848c698f93d41ea.jpg
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
6.6 kB (6564 bytes)
Hash
f2a6f1686f8ab3d3c2cd4d1563ef0b61
e1d34c0ecaf5eaa24e4933fef8749f73071125a6
ec413235a993862957d16745fb2c823f11fc4c9dd042441fb4485ea423517fbf

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6a33a7163b768f590848c698f93d41ea.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 593217246166900275987239473964143511484,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 593217246166900275987239473964143511484,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "a21ac07d1a9ac6eb257ff0dc8c1b451c"
expiration: expiry-date="Tue, 18 Oct 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Sat, 17 Sep 2022 23:55:31 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 154
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 4931721
x-served-by: cache-iad-kcgs7200089-IAD, cache-iad-kiad7000083-IAD, cache-lax10647-LGB, cache-iad-kcgs7200137-IAD, cache-bma1659-BMA
x-cache: MISS, HIT, MISS, HIT, HIT
x-cache-hits: 0, 1, 0, 65, 1
x-timer: S1670057896.527568,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6a33a7163b768f590848c698f93d41ea.jpg
x-vcl-time-ms: 1
content-length: 6564
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//1.bp.blogspot.com/-ltgWf-2UF64/W5bBfY8grUI/AAAAAAAAPeE/_DQ7pZHvNug87lHXLZA-RrmjLbxenVXowCLcBGAs/s1600/1-65.jpg

151.101.193.44

200 OK

13 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//1.bp.blogspot.com/-ltgWf-2UF64/W5bBfY8grUI/AAAAAAAAPeE/_DQ7pZHvNug87lHXLZA-RrmjLbxenVXowCLcBGAs/s1600/1-65.jpg
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
13 kB (12826 bytes)
Hash
b2c2ffe493bd0edd07a1addc5c9d83ff
6b8d26f54e3711dc27c69ef2892e6d6ea93801dc
131870281a006558cadb95e859f391ed2b290877e6e76c1354389239639afcbb

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//1.bp.blogspot.com/-ltgWf-2UF64/W5bBfY8grUI/AAAAAAAAPeE/_DQ7pZHvNug87lHXLZA-RrmjLbxenVXowCLcBGAs/s1600/1-65.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 626998414654207768775251811540747712995,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 626998414654207768775251811540747712995,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
etag: "3ecfdbc4c004b99c514fa95ea971bc90"
last-modified: Sun, 11 Sep 2022 04:15:50 GMT
req-referer: https://sports.ndtv.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: c6b7aba705060b5d0c9b92f10edb255c
x-envoy-upstream-service-time: 147
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 4547764
x-served-by: cache-iad-kiad7000123-IAD, cache-iad-kiad7000081-IAD, cache-bur-kbur8200170-BUR, cache-iad-kiad7000033-IAD, cache-bma1659-BMA
x-cache: MISS, HIT, HIT, HIT, HIT
x-cache-hits: 0, 1, 1, 98, 1
x-timer: S1670057896.527474,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//1.bp.blogspot.com/-ltgWf-2UF64/W5bBfY8grUI/AAAAAAAAPeE/_DQ7pZHvNug87lHXLZA-RrmjLbxenVXowCLcBGAs/s1600/1-65.jpg
x-vcl-time-ms: 1
content-length: 12826
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d628fda17c5e69e2dad15ebd23071bd5.jpg

151.101.193.44

200 OK

7.5 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d628fda17c5e69e2dad15ebd23071bd5.jpg
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
7.5 kB (7548 bytes)
Hash
b2355f630c00202ef0da4a6dccecf756
b0d3985492eb70a69c1d50dc87746267f4183dc2
a74c185fac95d0ca9736f70f065bdc69248b3bef62b2bdad65122a0a75042787

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d628fda17c5e69e2dad15ebd23071bd5.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 512515966045447238340819189393816696794,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 512515966045447238340819189393816696794,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "e4579c30f0871cf36780ef7fd8ff0890"
expiration: expiry-date="Mon, 07 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Fri, 07 Oct 2022 04:13:49 GMT
req-referer: https://telugucinema.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 77
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 2371304
x-served-by: cache-iad-kiad7000070-IAD, cache-iad-kcgs7200101-IAD, cache-sna10750-LGB, cache-iad-kjyo7100030-IAD, cache-bma1659-BMA
x-cache: MISS, HIT, MISS, HIT, HIT
x-cache-hits: 0, 1, 0, 32, 1
x-timer: S1670057896.527550,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d628fda17c5e69e2dad15ebd23071bd5.jpg
x-vcl-time-ms: 1
content-length: 7548
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//ettxf.com/content/c38a43db-85fe-4a74-a406-6bd4409e2d20

151.101.193.44

200 OK

13 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//ettxf.com/content/c38a43db-85fe-4a74-a406-6bd4409e2d20
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
13 kB (13342 bytes)
Hash
2ae56d079adba0bcc4977d33685fe749
5d38a0f50940eed2ba0fedc64137481ca4e664d5
dd1357fa748005d3707c9eb33eb4388c33b76e58d453311cfff0d0a2748ec03d

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//ettxf.com/content/c38a43db-85fe-4a74-a406-6bd4409e2d20 HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 444593436489081238685764127687054956608,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 444593436489081238685764127687054956608,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "cf5492ce7c27089ecd2c0fc9ff256857"
expiration: expiry-date="Sun, 13 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Thu, 13 Oct 2022 03:42:07 GMT
req-referer: https://haraguro.napbizblog.jp/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 1053
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 2149933
x-served-by: cache-iad-kiad7000095-IAD, cache-iad-kcgs7200179-IAD, cache-chi-klot8100094-CHI, cache-iad-kcgs7200021-IAD, cache-bma1659-BMA
x-cache: MISS, HIT, MISS, HIT, HIT
x-cache-hits: 0, 1, 0, 1, 1
x-timer: S1670057896.527628,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//ettxf.com/content/c38a43db-85fe-4a74-a406-6bd4409e2d20
x-vcl-time-ms: 1
content-length: 13342
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/119eeaf0c34085edf0b929cedcb7e7cf.jpg

151.101.193.44

200 OK

7.4 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/119eeaf0c34085edf0b929cedcb7e7cf.jpg
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
7.4 kB (7422 bytes)
Hash
b1c9841a124abb7e6ba12e11b1d24198
737a4caf5bb90cbd3fd9b0828641477c43a731b8
113767dddad5879d00bdd851d2c04c0505d69544d63c4bdf5a59657eedc8555a

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/119eeaf0c34085edf0b929cedcb7e7cf.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 589121519206399478593719326984951023035,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 589121519206399478593719326984951023035,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "fcc6ba96ef9b63c4eff09c1652282c3f"
expiration: expiry-date="Thu, 13 Oct 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Mon, 12 Sep 2022 16:44:33 GMT
req-referer: https://weather.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 159
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 5153271
x-served-by: cache-iad-kcgs7200131-IAD, cache-iad-kcgs7200084-IAD, cache-lga21942-LGA, cache-iad-kjyo7100104-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 160, 1
x-timer: S1670057896.527611,VS0,VE13
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/119eeaf0c34085edf0b929cedcb7e7cf.jpg
x-vcl-time-ms: 13
content-length: 7422
X-Firefox-Spdy: h2

cdn.taboola.com/libtrc/next-up-widget.20221201-24-RELEASE.es6.js

151.101.193.44

200 OK

4.6 kB

URL HTTP/2
cdn.taboola.com/libtrc/next-up-widget.20221201-24-RELEASE.es6.js
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (16595)
Size
4.6 kB (4623 bytes)
Hash
062b49e0f1e91cdb17b6964efaad040c
4fa60d2a03e9d688ecaeddd56d1fae55830c03db
ff29a6c270030647c18c7d958245b00116c54607d50e9dce1891ac314de76045

HTTP Headers

GET /libtrc/next-up-widget.20221201-24-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: NmkV8a6mDCbb5/d/14M4bc/rYWrNGgrDJ86HEOWfas8MGnhnYXxTLKZ7/fjcISadS/3YbG7Up18=
x-amz-request-id: QKSF1XG0Q978CF51
x-amz-replication-status: PENDING
last-modified: Thu, 01 Dec 2022 18:01:18 GMT
etag: "04caa4cde47837aa18470cb085ef65a1"
x-amz-version-id: UcURF1Ml7FUZ26FyLlhDWTm1mxwSetm4
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
via: 1.1 varnish
age: 15
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1670057896.614571,VS0,VE1
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 47
content-length: 4623
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d29f7d227eebb09606ad41e5193aa18c.png

151.101.193.44

200 OK

9.4 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d29f7d227eebb09606ad41e5193aa18c.png
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
9.4 kB (9448 bytes)
Hash
e20d1926c07edb17012a33a90ff1d663
010b0d6332903b3f5597ea38bc96466a56b80a60
012417c9eb0ab0b66385ecbdf7287ee37ee4910805e49e1005c3248244597eab

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d29f7d227eebb09606ad41e5193aa18c.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 330188181233421625896439828083131949610,388671775900320025315642327208943500211,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 330188181233421625896439828083131949610,388671775900320025315642327208943500211,29ecf9b93bbf306179626feeda1fab70
etag: "ed40967dd56ffed2e08619470755eb4a"
expiration: expiry-date="Sat, 29 Oct 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Wed, 28 Sep 2022 08:03:11 GMT
req-referer: https://d-42054797002294232028.ampproject.net/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 167
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 3302674
x-served-by: cache-iad-kiad7000064-IAD, cache-iad-kiad7000094-IAD, cache-bur-kbur8200132-BUR, cache-iad-kjyo7100104-IAD, cache-bma1659-BMA
x-cache: HIT, HIT, MISS, HIT, MISS
x-cache-hits: 1, 1, 0, 2, 0
x-timer: S1670057896.527496,VS0,VE96
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d29f7d227eebb09606ad41e5193aa18c.png
x-vcl-time-ms: 96
content-length: 9448
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/81bfaef3146b496bc5c4f73b9f9ed9a7.jpeg

151.101.193.44

200 OK

58 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/81bfaef3146b496bc5c4f73b9f9ed9a7.jpeg
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
58 kB (57728 bytes)
Hash
c5a66a2ddaa5bbe54f7c01da5f583698
e7047afc61f75390dc5f2fdf7af28a071937c21d
cba38cb371a5f5ebce4964007fbd5539bffb1df8bc64f6a21e22c47c1e1a6186

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/81bfaef3146b496bc5c4f73b9f9ed9a7.jpeg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 347421405159487881401166791228920074382,523272642140522660213979017363544863538,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 347421405159487881401166791228920074382,523272642140522660213979017363544863538,29ecf9b93bbf306179626feeda1fab70
etag: "d1da99c1313e8e7b35a6cde85aa6b3e6"
expiration: expiry-date="Fri, 04 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Tue, 04 Oct 2022 21:11:52 GMT
req-referer: https://www.youm7.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 154
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 3768896
x-served-by: cache-iad-kcgs7200074-IAD, cache-iad-kiad7000099-IAD, cache-chi-klot8100166-CHI, cache-iad-kcgs7200052-IAD, cache-bma1659-BMA
x-cache: MISS, HIT, HIT, HIT, MISS
x-cache-hits: 0, 1, 1, 152, 0
x-timer: S1670057896.526094,VS0,VE102
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/81bfaef3146b496bc5c4f73b9f9ed9a7.jpeg
x-vcl-time-ms: 102
content-length: 57728
X-Firefox-Spdy: h2

gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS

178.250.2.146

200 OK

8.8 kB

URL HTTP/2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type
C source, ASCII text, with very long lines (29462)
Size
8.8 kB (8820 bytes)
Hash
4391de9cbbdb70ef0e6425deaf23e659
8110a5dac44a8a66d593c64fc40e5cded121b921
c8273b474187d5634038f71e3efd491af977d1e96bc5a41aa953a10dbe82bad2

HTTP Headers

GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:14 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 768842
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

il-trc-events.taboola.com/downsub/log/3/abtests?route=AM:IL:V&lti=aa_test_for_monitoring_ctrl&ri=a6a7a5ba4efa43a01c4735e9366f7a97&sd=v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ui=ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526&pi=/&wi=-4468348118777149555&pt=text&vi=1670057892391&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22taboola-vignette-before-load%22%2C%22eventTime%22%3A1670057893133%7D&tim=08%3A58%3A13.134&id=4930&llvl=2&cv=20221201-24-RELEASE&

185.106.33.48

204 No Content

0 B

URL HTTP/2
il-trc-events.taboola.com/downsub/log/3/abtests?route=AM:IL:V&lti=aa_test_for_monitoring_ctrl&ri=a6a7a5ba4efa43a01c4735e9366f7a97&sd=v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ui=ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526&pi=/&wi=-4468348118777149555&pt=text&vi=1670057892391&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22taboola-vignette-before-load%22%2C%22eventTime%22%3A1670057893133%7D&tim=08%3A58%3A13.134&id=4930&llvl=2&cv=20221201-24-RELEASE&
IP
185.106.33.48:0
ASN
#200478 Taboola.com ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /downsub/log/3/abtests?route=AM:IL:V&lti=aa_test_for_monitoring_ctrl&ri=a6a7a5ba4efa43a01c4735e9366f7a97&sd=v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ui=ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526&pi=/&wi=-4468348118777149555&pt=text&vi=1670057892391&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22taboola-vignette-before-load%22%2C%22eventTime%22%3A1670057893133%7D&tim=08%3A58%3A13.134&id=4930&llvl=2&cv=20221201-24-RELEASE& HTTP/1.1
Host: il-trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: nginx
date: Sat, 03 Dec 2022 08:58:15 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png

151.101.193.44

200 OK

7.1 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
7.1 kB (7074 bytes)
Hash
3c093ff5f4160192a545b9841753d879
727b43ed636ae7574e9882970ddc1ae14b9f3e64
2707266323a6857d235dac1dba8cd6d452d9746dea7b46f332afaedc738d0b3e

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 487162476531458489843398520959864332831,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 487162476531458489843398520959864332831,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
etag: "2b80cf8934a29dc7caeb0dc8b5733af0"
expiration: expiry-date="Sat, 12 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Wed, 12 Oct 2022 02:33:00 GMT
req-referer: https://nyheter2.se/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 876
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 2204207
x-served-by: cache-iad-kiad7000119-IAD, cache-iad-kiad7000117-IAD, cache-bur-kbur8200069-BUR, cache-iad-kjyo7100029-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 19, 1
x-timer: S1670057896.877116,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/PMsByhf/Untitled-design-4.png
x-vcl-time-ms: 1
content-length: 7074
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png

151.101.193.44

200 OK

3.0 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
3.0 kB (2988 bytes)
Hash
b7476a0e9ecc35fca92eb6fa1a72c824
392797bfc658fdb17f0a34b61492e4f3d26c2eea
f7296e4922e97e7b47de567082ea0a93095b3801b975e9e6b012edb20ac4d75d

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 522386631016027178862069804243359678773,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 522386631016027178862069804243359678773,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
etag: "a11eed65f1b31f23e26540245d3ad75e"
last-modified: Wed, 30 Nov 2022 04:33:40 GMT
req-referer: https://philnews.ph/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: d31daabc15f3519b26784c7797daa6f2
x-envoy-upstream-service-time: 352
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
age: 274417
x-served-by: cache-iad-kcgs7200026-IAD, cache-iad-kcgs7200144-IAD, cache-chi-klot8100156-CHI, cache-iad-kiad7000051-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 139, 1
x-timer: S1670057896.881289,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b89ccae7c6338099d5edebbbdc97bcd3.png
x-vcl-time-ms: 1
content-length: 2988
X-Firefox-Spdy: h2

il-trc-events.taboola.com/downsub/log/3/abtests?route=AM:IL:V&lti=aa_test_for_monitoring_ctrl&ri=a6a7a5ba4efa43a01c4735e9366f7a97&sd=v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ui=ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526&pi=/&wi=-4468348118777149555&pt=text&vi=1670057892391&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22taboola-vignette-script-loaded%22%2C%22type%22%3A%22%7B%5C%22timeFromLoad%5C%22%3A4317%7D%22%2C%22eventTime%22%3A1670057893611%7D&tim=08%3A58%3A13.613&id=4945&llvl=2&cv=20221201-24-RELEASE&

185.106.33.48

204 No Content

0 B

URL HTTP/2
il-trc-events.taboola.com/downsub/log/3/abtests?route=AM:IL:V&lti=aa_test_for_monitoring_ctrl&ri=a6a7a5ba4efa43a01c4735e9366f7a97&sd=v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ui=ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526&pi=/&wi=-4468348118777149555&pt=text&vi=1670057892391&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22taboola-vignette-script-loaded%22%2C%22type%22%3A%22%7B%5C%22timeFromLoad%5C%22%3A4317%7D%22%2C%22eventTime%22%3A1670057893611%7D&tim=08%3A58%3A13.613&id=4945&llvl=2&cv=20221201-24-RELEASE&
IP
185.106.33.48:0
ASN
#200478 Taboola.com ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /downsub/log/3/abtests?route=AM:IL:V&lti=aa_test_for_monitoring_ctrl&ri=a6a7a5ba4efa43a01c4735e9366f7a97&sd=v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ui=ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526&pi=/&wi=-4468348118777149555&pt=text&vi=1670057892391&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22taboola-vignette-script-loaded%22%2C%22type%22%3A%22%7B%5C%22timeFromLoad%5C%22%3A4317%7D%22%2C%22eventTime%22%3A1670057893611%7D&tim=08%3A58%3A13.613&id=4945&llvl=2&cv=20221201-24-RELEASE& HTTP/1.1
Host: il-trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: nginx
date: Sat, 03 Dec 2022 08:58:15 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2

il-trc-events.taboola.com/downsub/log/3/abtests?route=AM:IL:V&lti=aa_test_for_monitoring_ctrl&ri=a6a7a5ba4efa43a01c4735e9366f7a97&sd=v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ui=ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526&pi=/&wi=-4468348118777149555&pt=text&vi=1670057892391&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22taboola-vignette-missed%22%2C%22type%22%3A%22%7B%5C%22missedReason%5C%22%3A%5C%22already%20have%20been%20displayed%20on%20session%5C%22%2C%5C%22displayInSession%5C%22%3A0%7D%22%2C%22eventTime%22%3A1670057893614%7D&tim=08%3A58%3A13.614&id=4778&llvl=2&cv=20221201-24-RELEASE&

185.106.33.48

204 No Content

0 B

URL HTTP/2
il-trc-events.taboola.com/downsub/log/3/abtests?route=AM:IL:V&lti=aa_test_for_monitoring_ctrl&ri=a6a7a5ba4efa43a01c4735e9366f7a97&sd=v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ui=ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526&pi=/&wi=-4468348118777149555&pt=text&vi=1670057892391&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22taboola-vignette-missed%22%2C%22type%22%3A%22%7B%5C%22missedReason%5C%22%3A%5C%22already%20have%20been%20displayed%20on%20session%5C%22%2C%5C%22displayInSession%5C%22%3A0%7D%22%2C%22eventTime%22%3A1670057893614%7D&tim=08%3A58%3A13.614&id=4778&llvl=2&cv=20221201-24-RELEASE&
IP
185.106.33.48:0
ASN
#200478 Taboola.com ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /downsub/log/3/abtests?route=AM:IL:V&lti=aa_test_for_monitoring_ctrl&ri=a6a7a5ba4efa43a01c4735e9366f7a97&sd=v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ui=ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526&pi=/&wi=-4468348118777149555&pt=text&vi=1670057892391&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22taboola-vignette-missed%22%2C%22type%22%3A%22%7B%5C%22missedReason%5C%22%3A%5C%22already%20have%20been%20displayed%20on%20session%5C%22%2C%5C%22displayInSession%5C%22%3A0%7D%22%2C%22eventTime%22%3A1670057893614%7D&tim=08%3A58%3A13.614&id=4778&llvl=2&cv=20221201-24-RELEASE& HTTP/1.1
Host: il-trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: nginx
date: Sat, 03 Dec 2022 08:58:15 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c770ed8e1043091817cf67c2338116d2
eb799e23dbf7d7fd82d63ec0220007e5b8196e48
addff025294dc6a89ff5f686910eb51ba8791c40f50b1c6b63ddc4c8db5808cf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ADDFF025294DC6A89FF5F686910EB51BA8791C40F50B1C6B63DDC4C8DB5808CF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3646
Expires: Sat, 03 Dec 2022 09:59:01 GMT
Date: Sat, 03 Dec 2022 08:58:15 GMT
Connection: keep-alive

soldierreproduceadmiration.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTuIlHkQxBw%2FKHDwouLPdM90700YIxhiJrtmQRBe81a%2BerUx1V1PVPT1ZPAQDISDCeNJj75tNFk0Q8wcIMutFFoQdD7IH15t4FSFnmdmB0e9Q3%2FfqfYf3XtW9nfKY%2BCjp0bUPzbbSmq5GTb%2Fx2qbKhKlc4%2BrNRuA3%2FfONTZWthecbw9lhB28GftT0X2%2B8J3nfrLb8wPcDP2hcVlYmZrg6Z6Hyx3HQjP1m2GoGUYih%2FT92pQdHPYjBMXkBSkyf2fr5CRSfIEu%2FvyRdvzD5G%2B%2BmpaaFsRiIvY%2ByfmaqDOlyTKyHJNtbbMO4KSFfn4LJ9hYOYAa7Mwdgakq83wKwbG8hE2zw4EQp05AZmHgW1WACqSdQdAJu7kKJQwJwgasbyNKHV42t6O0Tls7YKTnz9B%2BoakrO%2FP4isvS7i1oNGzeMLgtlModhUkMNJ1C9CfJyH8W2B1XtgxefQYlfyOrTdWTp7obTBkocvRoHSTfmcm2lHVJ%2FJYyDYIUlCVuJ2mErjtprUYexeURKTaCSCbQcgbpTKJ2HUnkoEw9l7iEVRw0axYnvdxKWtNvdkHPebnMedddEJNphN%2FFR8pmHEYp8BK5H4PYOcnsHfTWCLX%2BE26rhhAdXEAxEjUoSVI6gogSVIqgKgmpQPxDatVz9UGhXsmDRW4versem6O3QB6boyYzs5Mfk%2BXlwf7%2FF0ZdHDSFlmLTCKKIsbAseJ2FIo6TVTTj3RSI7cKqGcqdAnYdtNSXn7m0iV4e31sHoPpzeB1fnQMuXQatxp%2BWDbo3Dro%2Ft7JEwVeZK1uQmhTA18uIMitvejj4mL81FxH%2BeheQHF776YuOP8%2BITcFsjtzVuqZ8Ievr%2B%2BLqpyO51UznyZCMvVKq26exlbxS0kKe%2F%2FUDerowVVy650Tdv8xkxGx%2FflK5Yp5lQWc%2BRRxeVENJeNpZL8sMVtynZtdJtXSxtVubr1965fCXNrXROmWwCqg4%2F%2FhRcTclZ25%2F%2F2Vf%2Beh%2FKTmDLGml5QBYFZSbg%2BR24fKneGQKrlzss91CV9di22PJSKwItl5iyGu4%2FmC3nHXcfPeuBFneRpTUGtsZA16B6BFeeHhe5Pbjwa3teYNobM229Xaat%2FvIkWqeOGjJK%2FET6LcmSmCUd6os4CWNG40B2WEQDFG7KP39u718AAAD%2F%2FwEAAP%2F%2FwT%2B5%2FIsEAAA%3D

173.233.137.36

200 OK

7 B

URL HTTP/1.1
soldierreproduceadmiration.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTuIlHkQxBw%2FKHDwouLPdM90700YIxhiJrtmQRBe81a%2BerUx1V1PVPT1ZPAQDISDCeNJj75tNFk0Q8wcIMutFFoQdD7IH15t4FSFnmdmB0e9Q3%2FfqfYf3XtW9nfKY%2BCjp0bUPzbbSmq5GTb%2Fx2qbKhKlc4%2BrNRuA3%2FfONTZWthecbw9lhB28GftT0X2%2B8J3nfrLb8wPcDP2hcVlYmZrg6Z6Hyx3HQjP1m2GoGUYih%2FT92pQdHPYjBMXkBSkyf2fr5CRSfIEu%2FvyRdvzD5G%2B%2BmpaaFsRiIvY%2ByfmaqDOlyTKyHJNtbbMO4KSFfn4LJ9hYOYAa7Mwdgakq83wKwbG8hE2zw4EQp05AZmHgW1WACqSdQdAJu7kKJQwJwgasbyNKHV42t6O0Tls7YKTnz9B%2BoakrO%2FP4isvS7i1oNGzeMLgtlModhUkMNJ1C9CfJyH8W2B1XtgxefQYlfyOrTdWTp7obTBkocvRoHSTfmcm2lHVJ%2FJYyDYIUlCVuJ2mErjtprUYexeURKTaCSCbQcgbpTKJ2HUnkoEw9l7iEVRw0axYnvdxKWtNvdkHPebnMedddEJNphN%2FFR8pmHEYp8BK5H4PYOcnsHfTWCLX%2BE26rhhAdXEAxEjUoSVI6gogSVIqgKgmpQPxDatVz9UGhXsmDRW4versem6O3QB6boyYzs5Mfk%2BXlwf7%2FF0ZdHDSFlmLTCKKIsbAseJ2FIo6TVTTj3RSI7cKqGcqdAnYdtNSXn7m0iV4e31sHoPpzeB1fnQMuXQatxp%2BWDbo3Dro%2Ft7JEwVeZK1uQmhTA18uIMitvejj4mL81FxH%2BeheQHF776YuOP8%2BITcFsjtzVuqZ8Ievr%2B%2BLqpyO51UznyZCMvVKq26exlbxS0kKe%2F%2FUDerowVVy650Tdv8xkxGx%2FflK5Yp5lQWc%2BRRxeVENJeNpZL8sMVtynZtdJtXSxtVubr1965fCXNrXROmWwCqg4%2F%2FhRcTclZ25%2F%2F2Vf%2Beh%2FKTmDLGml5QBYFZSbg%2BR24fKneGQKrlzss91CV9di22PJSKwItl5iyGu4%2FmC3nHXcfPeuBFneRpTUGtsZA16B6BFeeHhe5Pbjwa3teYNobM229Xaat%2FvIkWqeOGjJK%2FET6LcmSmCUd6os4CWNG40B2WEQDFG7KP39u718AAAD%2F%2FwEAAP%2F%2FwT%2B5%2FIsEAAA%3D
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTuIlHkQxBw%2FKHDwouLPdM90700YIxhiJrtmQRBe81a%2BerUx1V1PVPT1ZPAQDISDCeNJj75tNFk0Q8wcIMutFFoQdD7IH15t4FSFnmdmB0e9Q3%2FfqfYf3XtW9nfKY%2BCjp0bUPzbbSmq5GTb%2Fx2qbKhKlc4%2BrNRuA3%2FfONTZWthecbw9lhB28GftT0X2%2B8J3nfrLb8wPcDP2hcVlYmZrg6Z6Hyx3HQjP1m2GoGUYih%2FT92pQdHPYjBMXkBSkyf2fr5CRSfIEu%2FvyRdvzD5G%2B%2BmpaaFsRiIvY%2ByfmaqDOlyTKyHJNtbbMO4KSFfn4LJ9hYOYAa7Mwdgakq83wKwbG8hE2zw4EQp05AZmHgW1WACqSdQdAJu7kKJQwJwgasbyNKHV42t6O0Tls7YKTnz9B%2BoakrO%2FP4isvS7i1oNGzeMLgtlModhUkMNJ1C9CfJyH8W2B1XtgxefQYlfyOrTdWTp7obTBkocvRoHSTfmcm2lHVJ%2FJYyDYIUlCVuJ2mErjtprUYexeURKTaCSCbQcgbpTKJ2HUnkoEw9l7iEVRw0axYnvdxKWtNvdkHPebnMedddEJNphN%2FFR8pmHEYp8BK5H4PYOcnsHfTWCLX%2BE26rhhAdXEAxEjUoSVI6gogSVIqgKgmpQPxDatVz9UGhXsmDRW4versem6O3QB6boyYzs5Mfk%2BXlwf7%2FF0ZdHDSFlmLTCKKIsbAseJ2FIo6TVTTj3RSI7cKqGcqdAnYdtNSXn7m0iV4e31sHoPpzeB1fnQMuXQatxp%2BWDbo3Dro%2Ft7JEwVeZK1uQmhTA18uIMitvejj4mL81FxH%2BeheQHF776YuOP8%2BITcFsjtzVuqZ8Ievr%2B%2BLqpyO51UznyZCMvVKq26exlbxS0kKe%2F%2FUDerowVVy650Tdv8xkxGx%2FflK5Yp5lQWc%2BRRxeVENJeNpZL8sMVtynZtdJtXSxtVubr1965fCXNrXROmWwCqg4%2F%2FhRcTclZ25%2F%2F2Vf%2Beh%2FKTmDLGml5QBYFZSbg%2BR24fKneGQKrlzss91CV9di22PJSKwItl5iyGu4%2FmC3nHXcfPeuBFneRpTUGtsZA16B6BFeeHhe5Pbjwa3teYNobM229Xaat%2FvIkWqeOGjJK%2FET6LcmSmCUd6os4CWNG40B2WEQDFG7KP39u718AAAD%2F%2FwEAAP%2F%2FwT%2B5%2FIsEAAA%3D HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Cookie: u_pl=15809635; uid_id2=91f89ce6-34a0-4911-bffb-5342953657bb:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Dec 2022 08:58:15 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f0ab2ba524c5d94095977d02fb2aef76
Strict-Transport-Security: max-age=0; includeSubdomains

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d628fda17c5e69e2dad15ebd23071bd5.jpg

151.101.193.44

200 OK

9.0 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d628fda17c5e69e2dad15ebd23071bd5.jpg
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
9.0 kB (8978 bytes)
Hash
e7b398c7c3e63b897c375ca79bb0ba68
589c1d2a345cf4000042f6fc89a223094807ec6a
043b142cb8b59f326625ff06a9e657db927e5c0aa869bde71a34b68bb9c1f0fa

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d628fda17c5e69e2dad15ebd23071bd5.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 512515966045447238340819189393816696794,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 512515966045447238340819189393816696794,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
etag: "7f483343d26721703206d2bddae5c18c"
expiration: expiry-date="Mon, 12 Dec 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Fri, 11 Nov 2022 05:35:47 GMT
req-referer: https://www.espn.com.ar/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 116
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
age: 1027346
x-served-by: cache-iad-kiad7000068-IAD, cache-iad-kcgs7200113-IAD, cache-chi-klot8100163-CHI, cache-iad-kcgs7200146-IAD, cache-bma1659-BMA
x-cache: HIT, MISS, MISS, HIT, HIT
x-cache-hits: 1, 0, 0, 211, 1
x-timer: S1670057896.021530,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d628fda17c5e69e2dad15ebd23071bd5.jpg
x-vcl-time-ms: 1
content-length: 8978
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/a6cb1edf-85ae-42d3-8ce3-0c3ef2d08771/e7f45685-f8e7-43ed-9fb1-7a46ecb08f47_1000x600_5f632f9dfaf05a4bfb15f40f5758a0f4.png

151.101.193.44

200 OK

6.5 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/a6cb1edf-85ae-42d3-8ce3-0c3ef2d08771/e7f45685-f8e7-43ed-9fb1-7a46ecb08f47_1000x600_5f632f9dfaf05a4bfb15f40f5758a0f4.png
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
6.5 kB (6504 bytes)
Hash
420d40a00403a76079dee4e09223cea6
43f1e310ce333086230f750c8167eae90d44dc99
ee31aa90e19c5a01223ffcb73c18c85bd60d80ed16634baa07b42e3a95c05b53

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/a6cb1edf-85ae-42d3-8ce3-0c3ef2d08771/e7f45685-f8e7-43ed-9fb1-7a46ecb08f47_1000x600_5f632f9dfaf05a4bfb15f40f5758a0f4.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 457835312966956032668230324825673620138,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 457835312966956032668230324825673620138,539224017810145466138863900429835611322,29ecf9b93bbf306179626feeda1fab70
etag: "2f750790e458d690a5918a37821959d9"
expiration: expiry-date="Wed, 23 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Sun, 23 Oct 2022 18:24:33 GMT
req-referer: https://games.espn.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 231
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
age: 1530583
x-served-by: cache-iad-kiad7000107-IAD, cache-iad-kcgs7200129-IAD, cache-bur-kbur8200048-BUR, cache-iad-kjyo7100087-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 7, 1
x-timer: S1670057896.021645,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_189%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/a6cb1edf-85ae-42d3-8ce3-0c3ef2d08771/e7f45685-f8e7-43ed-9fb1-7a46ecb08f47_1000x600_5f632f9dfaf05a4bfb15f40f5758a0f4.png
x-vcl-time-ms: 1
content-length: 6504
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//ettxf.com/content/c38a43db-85fe-4a74-a406-6bd4409e2d20

151.101.193.44

200 OK

36 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//ettxf.com/content/c38a43db-85fe-4a74-a406-6bd4409e2d20
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
36 kB (36524 bytes)
Hash
9e6a6d966dbafbeb152d03ab1d131db9
b6de5947c42cc3e9f551284e4d277a2db2a9ea87
9d52fd5799a8336458363f0f294c31a212c12c9400a74514deaeadac73d2c046

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//ettxf.com/content/c38a43db-85fe-4a74-a406-6bd4409e2d20 HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 444593436489081238685764127687054956608,388671775900320025315642327208943500211,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 444593436489081238685764127687054956608,388671775900320025315642327208943500211,29ecf9b93bbf306179626feeda1fab70
etag: "070c3456daa1950e8e8408cbad0acb35"
last-modified: Fri, 28 Oct 2022 21:06:59 GMT
req-referer: https://www.msnbc.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 82230864f5bc9b5d02b16bd095d73921
x-envoy-upstream-service-time: 2121
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
age: 1469588
x-served-by: cache-iad-kcgs7200069-IAD, cache-iad-kiad7000126-IAD, cache-bur-kbur8200026-BUR, cache-iad-kiad7000059-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 1, 1
x-timer: S1670057896.021752,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//ettxf.com/content/c38a43db-85fe-4a74-a406-6bd4409e2d20
x-vcl-time-ms: 1
content-length: 36524
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//rdytz.com/content/d944321b-b1bd-4d27-975a-67c377c9de4f

151.101.193.44

200 OK

33 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//rdytz.com/content/d944321b-b1bd-4d27-975a-67c377c9de4f
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
33 kB (32650 bytes)
Hash
af48c5f8166d249bd7e5d0d8d196760a
e100bebcfbeee1831a52e54f87c7280a715ef4c3
64eaba2ff0d69dc897d35248a25a9234ae7f5564cd69c98a0da3eefa64199d57

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//rdytz.com/content/d944321b-b1bd-4d27-975a-67c377c9de4f HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 299145319762250653543709887277864577918,388671775900320025315642327208943500211,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 299145319762250653543709887277864577918,388671775900320025315642327208943500211,29ecf9b93bbf306179626feeda1fab70
etag: "926da3a2aa4eb13096bb9fe94b0f42ed"
last-modified: Mon, 28 Nov 2022 18:12:52 GMT
req-referer: https://www.msnbc.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 8be79c356322ec788293e1908bc729c0
x-envoy-upstream-service-time: 1674
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
age: 68647
x-served-by: cache-iad-kcgs7200051-IAD, cache-iad-kcgs7200132-IAD, cache-lga21926-LGA, cache-iad-kjyo7100119-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 1, 1
x-timer: S1670057896.021837,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//rdytz.com/content/d944321b-b1bd-4d27-975a-67c377c9de4f
x-vcl-time-ms: 1
content-length: 32650
X-Firefox-Spdy: h2

am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&cmcv=&pix=31589837&cb=1670057894019&uv=3245&tms=1670057894019&abt=amplean_vD!ufm_vD&ft=0&su=3&unm=FEED_MANAGER&debug=pn:!sqg:!torgn:1670057888552!ts:1670057894019&mntl=1

141.226.228.48

200 OK

0 B

URL HTTP/2
am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&cmcv=&pix=31589837&cb=1670057894019&uv=3245&tms=1670057894019&abt=amplean_vD!ufm_vD&ft=0&su=3&unm=FEED_MANAGER&debug=pn:!sqg:!torgn:1670057888552!ts:1670057894019&mntl=1
IP
141.226.228.48:0
ASN
#200478 Taboola.com ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&cmcv=&pix=31589837&cb=1670057894019&uv=3245&tms=1670057894019&abt=amplean_vD!ufm_vD&ft=0&su=3&unm=FEED_MANAGER&debug=pn:!sqg:!torgn:1670057888552!ts:1670057894019&mntl=1 HTTP/1.1
Host: am-vid-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 08:58:16 GMT
content-length: 0
X-Firefox-Spdy: h2

vidstat.taboola.com/vpaid/units/32_4_5/assets/css/cmOsUnit.css

151.101.193.44

200 OK

8.3 kB

URL HTTP/2
vidstat.taboola.com/vpaid/units/32_4_5/assets/css/cmOsUnit.css
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
ASCII text
Size
8.3 kB (8297 bytes)
Hash
a28320a69408adba1f01f56d6eb80708
8012c7108fab547cf31481cfda7cb49e654a0542
befbb274b7045e7e5791a4badbe46e1a2e367e6570da7cd0ac127acc4b8e8991

HTTP Headers

GET /vpaid/units/32_4_5/assets/css/cmOsUnit.css HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: Bf8dw0NjA07TfpEMmKBaL+UFJWQuALEo7owO+vyJS0Z7+UM4VbN5qXqenI+jCaBsTF8hL6tqRMY=
x-amz-request-id: 89SNZ5N6GV47VA34
last-modified: Mon, 28 Nov 2022 10:07:46 GMT
etag: "a28320a69408adba1f01f56d6eb80708"
x-amz-meta-ctime: 1669630065
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1669630064
content-type: text/css
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
via: 1.1 varnish
age: 427736
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 106392
x-timer: S1670057896.130888,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 8297
X-Firefox-Spdy: h2

e1.o.lencr.org/

95.101.11.115

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
7007a042a79310c8938c279ae7eec8e5
8b72d7da27205ce31ff5497ba5428808a498dd7e
8188a5b1208fea4f2bdb97e404aefeb04a89ad62bc16ba2512e3a660b68b67af

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8188A5B1208FEA4F2BDB97E404AEFEB04A89AD62BC16BA2512E3A660B68B67AF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4051
Expires: Sat, 03 Dec 2022 10:05:47 GMT
Date: Sat, 03 Dec 2022 08:58:16 GMT
Connection: keep-alive

soldierreproduceadmiration.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe1%2F6f%2Fbb%2Fe16fbbe9f31c82c23d1d57f9726b5fc7%2F1654616215.html&l=1038&fd=132

173.233.137.36

200 OK

0 B

URL HTTP/1.1
soldierreproduceadmiration.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe1%2F6f%2Fbb%2Fe16fbbe9f31c82c23d1d57f9726b5fc7%2F1654616215.html&l=1038&fd=132
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe1%2F6f%2Fbb%2Fe16fbbe9f31c82c23d1d57f9726b5fc7%2F1654616215.html&l=1038&fd=132 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Cookie: u_pl=15809635; uid_id2=91f89ce6-34a0-4911-bffb-5342953657bb:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/img/close.png

172.64.109.13

200 OK

2.0 kB

URL HTTP/2
cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/img/close.png
IP
172.64.109.13:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced\012- data
Size
2.0 kB (2005 bytes)
Hash
2cecae5111d5ff932a996679215ad573
f4c63abb5dc373aba5bc144c3831d98516cc7cc9
31f6aad6a88eca32f245dc6d0e030ef422f306b4f8479855b30e59b6dc134ebc

HTTP Headers

GET /sb/ssp/in-page_push/os/android/2/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: image/png
content-length: 2005
last-modified: Wed, 11 May 2022 09:01:03 GMT
etag: "627b7b4f-7d5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1537602
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TrOyP5IUw6NNs%2F8PGYRjp%2BMiH88DQ2qdH8ToN3UB0c9K6A7c8i8JhYuF8gBmqkWp1v%2BW58j84hNF22xk%2FOqzHnMuZ7QPm1zQ9R9u%2FQNaAeRECZk6ZS3%2B%2FhRzUaRAXctRy5WngJ1M92N2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773b197b2e0776d2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/js/script.js

172.64.109.13

200 OK

142 kB

URL HTTP/2
cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/js/script.js
IP
172.64.109.13:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
142 kB (142425 bytes)
Hash
212187a50bea4f6bc6dba7af57d0fe13
3e4aeae75aadcb659371eec3cb747b71ee9fb1ef
a334599eb1baa17f64e6e22ed7942256d1557362012eca2f2b77155498dc51df

HTTP Headers

GET /sb/ssp/in-page_push/os/android/2/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: application/javascript
last-modified: Wed, 11 May 2022 09:01:04 GMT
etag: W/"627b7b50-194"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1536287
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=taFzWaZUt3IexNIarWO%2BMwwVVi9ps5A9yKcrej5qUDyf8iFl2wFO4UgicroMil%2FHKk4kNch0BLx4BnZbDAgnTBMgKklmjQN5PeSDlo0tEKVW2ZTs2wzXzhJhcG0a0PlddY7HQ3HX1ODb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773b197b2e1976d2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/css/style.css

172.64.109.13

200 OK

1.7 kB

URL HTTP/2
cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/css/style.css
IP
172.64.109.13:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
1.7 kB (1724 bytes)
Hash
ecaeaf5986be05dbafbe81dfd1ee6dd6
9c33d97715e4bb9982848ac49e167bbbffa2d89d
124bf164787087010239d30ce5d67db00c0fcdaf5cb95817b1a99fcbfbd2c6e3

HTTP Headers

GET /sb/ssp/in-page_push/os/android/2/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: text/css
last-modified: Wed, 11 May 2022 09:01:01 GMT
etag: W/"627b7b4d-126c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1536287
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b%2BujtKDi8LQqaVqdepUZsY2x0y7xRVYSckKYjZH6oy5NYeaA9wB4moINphW0%2BcyTFepRljw7y73ZgZxY6nCdxgi7ErIa%2BPgzEXtp0DeKueXns1PfaYXPbFqPndkmTbuYwgJLkwTPGDcl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773b197b2df676d2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

1.0 kB

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
1.0 kB (1005 bytes)
Hash
b41923bd7bb50028b091e7cb25edc858
81c8661baa46e5b6e9284e00c8c7d1c6b7d5b4ab
9caf04bad80cbda489056bbbf99c2c604a51b7fd38114a5f149e284f1fc70aca

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Dec 2022 08:58:16 GMT
date: Sat, 03 Dec 2022 08:58:16 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3c0282fb1989711e4a48dce935bf7813
30bed8a42fc820e4feb64bd22ddfefe120889014
81e304f070d6b7aa4dc67c727523578cd18a665a5cfe674a3b1391f3f39fc11a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "81E304F070D6B7AA4DC67C727523578CD18A665A5CFE674A3B1391F3F39FC11A"
Last-Modified: Thu, 01 Dec 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11414
Expires: Sat, 03 Dec 2022 12:08:30 GMT
Date: Sat, 03 Dec 2022 08:58:16 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
98fe7e5fd6b778bcdcc63028c3a49fbd
06b34160c344526fbe14ce41445b9fe76c0a878d
d45d898dfe5bf1151557bbbc3be6e6878fbadce386136d60777b4464199173a6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

status.geotrust.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
status.geotrust.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7248e1dacafd3d9f50bd21ca11f2ce94
a573e4caa15e0d8411fa279b7e4bb7774e63e95f
dfe6f32c6acc58306d9e61008bebf9e678d12e73c1568ed6798a8180496a21c0

HTTP Headers

POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5201
Cache-Control: max-age=146488
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:16 GMT
Etag: "638a948f-1d7"
Expires: Mon, 05 Dec 2022 01:39:44 GMT
Last-Modified: Sat, 03 Dec 2022 00:13:03 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26

185.94.180.125

302 Found

0 B

URL HTTP/1.1
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP
185.94.180.125:0
ASN
#35220 SpotXchange, INC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=a031f649-72e8-11ed-a89e-1626150c0106; expires=Sat, 31-Dec-2022 08:58:16 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a031f68f-72e8-11ed-a89e-1626150c0106
X-fe: 137
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0

185.94.180.125

204 No Content

0 B

URL HTTP/1.1
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a031f68f-72e8-11ed-a89e-1626150c0106
IP
185.94.180.125:0
ASN
#35220 SpotXchange, INC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a031f68f-72e8-11ed-a89e-1626150c0106 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Server: nginx
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=a0365256-72e8-11ed-8281-13ae17dc0306; expires=Sat, 31-Dec-2022 08:58:16 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 43
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1387958415__apx95bYE.jpg

151.101.193.44

200 OK

5.8 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1387958415__apx95bYE.jpg
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
5.8 kB (5776 bytes)
Hash
bf5eb3d06f142c30b43a9e7fcf92fb8e
fd94cbb17e21d7183d9777ecf52e6c040a720749
6268f10f33dd8e32e9c067bb161749581e615dc34e6ac9c6c37d46396db00e1c

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1387958415__apx95bYE.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 537101312646517812208096803579514386811,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 537101312646517812208096803579514386811,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
etag: "cc4058ba19aec1738b66dc1567b498fd"
last-modified: Fri, 02 Dec 2022 10:16:35 GMT
req-referer: https://downsub.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 0f29791686d5b41e2b933b8adaf8cc54
x-envoy-upstream-service-time: 452
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
age: 0
x-served-by: cache-iad-kiad7000080-IAD, cache-iad-kjyo7100086-IAD, cache-bur-kbur8200067-BUR, cache-iad-kiad7000094-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, MISS, MISS
x-cache-hits: 0, 0, 0, 0, 0
x-timer: S1670057896.880256,VS0,VE606
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1387958415__apx95bYE.jpg
x-vcl-time-ms: 606
content-length: 5776
X-Firefox-Spdy: h2

trc.taboola.com/downsub/log/3/visible?route=IL%3AIL%3AV&lti=aa_test_for_monitoring_ctrl

151.101.193.44

204 No Content

0 B

URL HTTP/2
trc.taboola.com/downsub/log/3/visible?route=IL%3AIL%3AV&lti=aa_test_for_monitoring_ctrl
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /downsub/log/3/visible?route=IL%3AIL%3AV&lti=aa_test_for_monitoring_ctrl HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2462
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://downsub.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670057896.410332,VS0,VE91
x-vcl-time-ms: 91
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/css/animate.css

172.64.109.13

200 OK

4.8 kB

URL HTTP/2
cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/css/animate.css
IP
172.64.109.13:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
4.8 kB (4815 bytes)
Hash
21eb7a65c17a2c22ba104a7ecbf1dc0f
ea8c53be54889c7489aed04e30e3eb83af64dec9
090bd9ceb9a58da038e5ed4a39dfbb63ece49ed4f4f0656ce35f7faa41a3b237

HTTP Headers

GET /sb/ssp/in-page_push/os/android/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: text/css
last-modified: Wed, 11 May 2022 09:01:02 GMT
etag: W/"627b7b4e-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1536287
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kFrGkChpgjYdnTMy%2BM6rZriO2FVIlAYFOYUC%2B0CVSuSx0QprIqFYE8eC%2FN9ZukWOwDO9APfCJVamV%2BALNsHpPZDsoDcGvGjNrjc%2FTq0H10ZAIxlNbOTQJk0uU95Gw%2FTMCymHKfJN1fL6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773b197b1de676d2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

soldierreproduceadmiration.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fin-page_push%2Fos%2Fandroid%2F2%2Fcss%2Fanimate.css&l=79245&fd=137

173.233.137.36

200 OK

0 B

URL HTTP/1.1
soldierreproduceadmiration.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fin-page_push%2Fos%2Fandroid%2F2%2Fcss%2Fanimate.css&l=79245&fd=137
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fin-page_push%2Fos%2Fandroid%2F2%2Fcss%2Fanimate.css&l=79245&fd=137 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Cookie: u_pl=15809635; uid_id2=91f89ce6-34a0-4911-bffb-5342953657bb:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

soldierreproduceadmiration.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fin-page_push%2Fos%2Fandroid%2F2%2Fcss%2Fstyle.css&l=4716&fd=140

173.233.137.36

200 OK

0 B

URL HTTP/1.1
soldierreproduceadmiration.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fin-page_push%2Fos%2Fandroid%2F2%2Fcss%2Fstyle.css&l=4716&fd=140
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fin-page_push%2Fos%2Fandroid%2F2%2Fcss%2Fstyle.css&l=4716&fd=140 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Cookie: u_pl=15809635; uid_id2=91f89ce6-34a0-4911-bffb-5342953657bb:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

trc.taboola.com/downsub/log/3/bulk?route=AM%3AIL%3AV&lti=aa_test_for_monitoring_ctrl&bulkSize=14

151.101.193.44

204 No Content

0 B

URL HTTP/2
trc.taboola.com/downsub/log/3/bulk?route=AM%3AIL%3AV&lti=aa_test_for_monitoring_ctrl&bulkSize=14
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /downsub/log/3/bulk?route=AM%3AIL%3AV&lti=aa_test_for_monitoring_ctrl&bulkSize=14 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 26824
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://downsub.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670057896.419807,VS0,VE113
x-vcl-time-ms: 113
X-Firefox-Spdy: h2

ocsp.globalsign.com/gsgccr3dvtlsca2020

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1414 bytes)
Hash
c0d527b1f9c1f1b14bdb24cd17590f7e
a05a6208c7e1083466a163009e10485973943a9b
a5b54b6861b3ece64f191b7c3921c6d2695418f41fc1a9a20106887a301a2e54

HTTP Headers

POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Wed, 07 Dec 2022 07:18:16 GMT
ETag: "a05a6208c7e1083466a163009e10485973943a9b"
Last-Modified: Sat, 03 Dec 2022 07:18:17 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2795
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 773b197d6f94fac0-OSL

cdn.cloudimagesb.com/si/89/9f/8a/899f8a5bb7132795d339610f52f16dad/1667589937.png

45.133.44.9

200 OK

70 B

URL HTTP/2
cdn.cloudimagesb.com/si/89/9f/8a/899f8a5bb7132795d339610f52f16dad/1667589937.png
IP
45.133.44.9:0
ASN
#39572 DataWeb Global Group B.V.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
70 B (70 bytes)
Hash
58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

HTTP Headers

GET /si/89/9f/8a/899f8a5bb7132795d339610f52f16dad/1667589937.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: image/png
content-length: 32763
server: nginx/1.17.6
last-modified: Fri, 04 Nov 2022 19:25:45 GMT
etag: "63656739-7ffb"
expires: Mon, 05 Dec 2022 08:58:16 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

185.94.180.125

302 Found

0 B

URL HTTP/1.1
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP
185.94.180.125:0
ASN
#35220 SpotXchange, INC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=a06101c5-72e8-11ed-943c-1586fee60506; expires=Sat, 31-Dec-2022 08:58:16 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a0610203-72e8-11ed-943c-1586fee60506
X-fe: 44
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0

soldierreproduceadmiration.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fin-page_push%2Fos%2Fandroid%2F2%2Fjs%2Fscript.js&l=404&fd=143

173.233.137.36

200 OK

0 B

URL HTTP/1.1
soldierreproduceadmiration.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fin-page_push%2Fos%2Fandroid%2F2%2Fjs%2Fscript.js&l=404&fd=143
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fin-page_push%2Fos%2Fandroid%2F2%2Fjs%2Fscript.js&l=404&fd=143 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Cookie: u_pl=15809635; uid_id2=91f89ce6-34a0-4911-bffb-5342953657bb:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

185.94.180.125

302 Found

0 B

URL HTTP/1.1
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP
185.94.180.125:0
ASN
#35220 SpotXchange, INC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=a064bce3-72e8-11ed-a8ca-182a6e990106; expires=Sat, 31-Dec-2022 08:58:16 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a064bd28-72e8-11ed-a8ca-182a6e990106
X-fe: 133
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
65b6e83c9cef41c312b3139d3b2514c4
04cc6429df7a02c9de47b07513dae643b5b0f911
6301ef8cf37410e579b623326e81766070ac7c9ef40a03b968577637a914490b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 03 Dec 2022 08:58:16 GMT
Last-Modified: Sat, 03 Dec 2022 07:25:19 GMT
Server: ECS (bsa/EB13)
X-Cache: Miss from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: h4OUocNtribyFVipHnkmXB9LV8Vv4ALSkAwn6DvZeq8gqa6bZ4OTtQ==
Age: 5577

185.94.180.125

204 No Content

0 B

URL HTTP/1.1
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a0610203-72e8-11ed-943c-1586fee60506
IP
185.94.180.125:0
ASN
#35220 SpotXchange, INC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a0610203-72e8-11ed-943c-1586fee60506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Server: nginx
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=a06b82c6-72e8-11ed-8742-14684a3a0106; expires=Sat, 31-Dec-2022 08:58:16 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 117
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

soldierreproduceadmiration.com/pixel/sbs?c=1

173.233.137.36

200 OK

0 B

URL HTTP/1.1
soldierreproduceadmiration.com/pixel/sbs?c=1
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: soldierreproduceadmiration.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Cookie: u_pl=15809635; uid_id2=91f89ce6-34a0-4911-bffb-5342953657bb:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://downsub.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 221062
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

am-match.taboola.com/sync?dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&excid=22&docw=0&cijs=1&nlb=false

141.226.228.48

200 OK

749 B

URL HTTP/2
am-match.taboola.com/sync?dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&excid=22&docw=0&cijs=1&nlb=false
IP
141.226.228.48:0
ASN
#200478 Taboola.com ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (749), with no line terminators
Size
749 B (749 bytes)
Hash
938b01042b348e478f14c380799f6de5
3c0d693d005b6d470d4921f7efc3aa67aa9670a6
8ce31343fc76655d48f6234c26edfaf074724bb9afd61c2d7c72fb647f5efd39

HTTP Headers

GET /sync?dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&excid=22&docw=0&cijs=1&nlb=false HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3401
X-Firefox-Spdy: h2

185.94.180.125

204 No Content

0 B

URL HTTP/1.1
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a064bd28-72e8-11ed-a8ca-182a6e990106
IP
185.94.180.125:0
ASN
#35220 SpotXchange, INC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=a064bd28-72e8-11ed-a8ca-182a6e990106 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Server: nginx
Date: Sat, 03 Dec 2022 08:58:16 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=a06eaad4-72e8-11ed-b848-199e6d820106; expires=Sat, 31-Dec-2022 08:58:16 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 78
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://downsub.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 221041
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

vidstat.taboola.com/content_v3.js

151.101.193.44

200 OK

4.8 kB

URL HTTP/2
vidstat.taboola.com/content_v3.js
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text
Size
4.8 kB (4839 bytes)
Hash
a51838454dbf5be51e1c78b36215928e
4091520eecdca1a8d3a9dfa3e87423caf091d875
af78fe5ad4bc570ab5f318cc41dd6d0a5d3d34b9103226722384852160bae6a6

HTTP Headers

GET /content_v3.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 20 Jul 2022 13:23:50 GMT
etag: "f7533e747bb02a8eb527ada4f2749620"
server: AmazonS3
via: 1.1 953ec33235d719831a6e6956b5e5bb7a.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: FFVJK_qv7a28BGKrUuijA7BmJqD1LcFInTlLav4SVzzPGnCkuo4hyA==
cache-control: public, max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
age: 1655760
x-served-by: cache-bma1659-BMA
x-cache: Miss from cloudfront, HIT
x-cache-hits: 115457
x-timer: S1670057897.815045,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 4839
X-Firefox-Spdy: h2

vidstat.taboola.com/vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js

151.101.193.44

200 OK

87 kB

URL HTTP/2
vidstat.taboola.com/vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
87 kB (87152 bytes)
Hash
dcfe04133edaa84ac4a7356299134bf2
600265d1e188692d5cb0b9dbc828c708181bd3d8
1f50ba3994c74af69746c8db181597b9e74d7bb53c808ce9f7014facf0c59bfd

HTTP Headers

GET /vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: DH4gCSpZOjdiQ2RHNdcZaQ1gWcI8EDnhtXKaFZT4JUmiFDacp53eylqcVHaDpMgh56JBtwAdvTI=
x-amz-request-id: M2DJX9S4FNAQPE8Z
last-modified: Thu, 27 Oct 2022 07:34:53 GMT
etag: "dcfe04133edaa84ac4a7356299134bf2"
x-amz-meta-ctime: 1666856092
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1666856080
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
via: 1.1 varnish
age: 609774
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 169403
x-timer: S1670057897.815449,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 87152
X-Firefox-Spdy: h2

cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png

151.101.193.44

200 OK

254 B

URL HTTP/2
cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
PNG image data, 12 x 12, 8-bit gray+alpha, non-interlaced\012- data
Size
254 B (254 bytes)
Hash
dfa7b52c86e56bd67fa4002f6ed19854
7df722645482433c2b5c8d8ab4272a9874592f27
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

HTTP Headers

GET /libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: c3AK0F63Rmz1U+ZkwDZRH6hJiJRTGpZB8kTBPWz0vwbg9siBxtMOH8aEqr1NtVeNHtLhLAVUR9E=
x-amz-request-id: 4JKSR0YA3KVH073N
x-amz-replication-status: COMPLETED
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
content-type: image/png
server: AmazonS3
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
via: 1.1 varnish
age: 5135
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 326
x-timer: S1670057897.817852,VS0,VE0
cache-control: private,max-age=31536000
abp: 47
content-length: 254
X-Firefox-Spdy: h2

match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1

52.223.40.198

200 OK

70 B

URL HTTP/2
match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
IP
52.223.40.198:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
70 B (70 bytes)
Hash
58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

HTTP Headers

GET /track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2

vidstatb.taboola.com/vid/blackScreen5.mp4

151.101.193.44

206 Partial Content

91 kB

URL HTTP/2
vidstatb.taboola.com/vid/blackScreen5.mp4
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size
91 kB (90784 bytes)
Hash
b2b087fe4ae638c533731c347fcd4df8
62851c888c21bb51cc04f13b6fc0451279fe0425
0407dafc112212a135d1aa4dd9b40ba0208c6bb6b1959f5535af093254189d66

HTTP Headers

GET /vid/blackScreen5.mp4 HTTP/1.1
Host: vidstatb.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 206 Partial Content
content-type: video/mp4
last-modified: Sun, 02 Jul 2017 20:40:57 GMT
etag: "b2b087fe4ae638c533731c347fcd4df8"
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1497790207
server: AmazonS3
via: 1.1 9803a30a87f1ec1047cb2b8ad5ecc43e.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: gopM2XYfUoVUFmJXQ0440-QEF6IoAyvdLK0EUOquu3M35zK6ZGLwLg==
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
age: 112873
x-served-by: cache-bma1659-BMA
x-cache: Hit from cloudfront, HIT
x-cache-hits: 41653
x-timer: S1670057897.823669,VS0,VE0
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-range: bytes 0-90783/90784
content-length: 90784
X-Firefox-Spdy: h2

am-vid-events.taboola.com/st?cijs=convusmp&ttype=16&cisd=convusmp&cipid=66361655&crid=-1&dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&cmcv=&pix=31579697&cb=1670057894650&uv=3245&tms=1670057894650&su=3&abt=amplean_vD!ufm_vG&ft=0&unm=FEED_MANAGER&su=3&

141.226.228.48

200 OK

0 B

URL HTTP/2
am-vid-events.taboola.com/st?cijs=convusmp&ttype=16&cisd=convusmp&cipid=66361655&crid=-1&dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&cmcv=&pix=31579697&cb=1670057894650&uv=3245&tms=1670057894650&su=3&abt=amplean_vD!ufm_vG&ft=0&unm=FEED_MANAGER&su=3&
IP
141.226.228.48:0
ASN
#200478 Taboola.com ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /st?cijs=convusmp&ttype=16&cisd=convusmp&cipid=66361655&crid=-1&dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&cmcv=&pix=31579697&cb=1670057894650&uv=3245&tms=1670057894650&su=3&abt=amplean_vD!ufm_vG&ft=0&unm=FEED_MANAGER&su=3& HTTP/1.1
Host: am-vid-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 08:58:16 GMT
content-length: 0
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

trc.taboola.com/downsub/log/3/visible?route=IL%3AIL%3AV&lti=aa_test_for_monitoring_ctrl

151.101.193.44

204 No Content

0 B

URL HTTP/2
trc.taboola.com/downsub/log/3/visible?route=IL%3AIL%3AV&lti=aa_test_for_monitoring_ctrl
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /downsub/log/3/visible?route=IL%3AIL%3AV&lti=aa_test_for_monitoring_ctrl HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 10104
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://downsub.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670057897.824525,VS0,VE96
x-vcl-time-ms: 96
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
3c22e279d291dace2ffebfccdd4a59e9
fdbf29ff763b23ac646caa428d77367685d7cfa0
1869d3b43e88dfc33ed3b02aeda7b116c6d5c82e7486de9b752ec912ebdb946b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5074
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:17 GMT
Last-Modified: Sat, 03 Dec 2022 07:33:43 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 313

dnacdn.net/dna

178.250.2.146

200 OK

0 B

URL HTTP/2
dnacdn.net/dna
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=_VABd180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhJJTJGeUJSNnVveDAxNmdHZGpIQ3NuJTJGNDd4dWE1WlJ2ZSUyRmxiVTFaZ29zSms; expires=Thu, 28 Dec 2023 08:58:17 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 263169
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

cdn.taboola.com/scripts/cds-pips.js

151.101.193.44

200 OK

1.3 kB

URL HTTP/2
cdn.taboola.com/scripts/cds-pips.js
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (3545), with no line terminators
Size
1.3 kB (1340 bytes)
Hash
780c5c514014519ce276709f515905a0
04fe86d00b9c9077effe05171d066d243ecab221
015db06150b62ad2ad533883652174ebb6f07e24a7147fdac01a0ccd266e3f30

HTTP Headers

GET /scripts/cds-pips.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: 2KBeU0d7OyPXtZDYUoIqlTBmhGhsve90tjYoemCxISjKQrNgcxT28sPXVt5KfJt+6r7dFoJgA8g=
x-amz-request-id: NFWGDQGY1WQ95XHE
x-amz-replication-status: COMPLETED
last-modified: Wed, 12 Oct 2022 13:57:57 GMT
etag: "383fa66d2a0a09f4a6e64a9593ad43bb"
x-amz-version-id: z5FoayaLm_Bvew3pbkytkoHczFCvkPwT
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:17 GMT
via: 1.1 varnish
age: 3234
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 4360
x-timer: S1670057897.161720,VS0,VE0
vary: Accept-Encoding
abp: 47
cache-control: private, max-age=3600
content-length: 1340
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
561fc9500f286cbed4b8a40a7e3f4fda
b61aee5d87b48ce838250940a0d417665090f8a3
f644f090f9d1d513e2d555451081e72ada3b8c3507d9d7a950ff42de3dc3520c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5167
Cache-Control: max-age=95325
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:17 GMT
Etag: "6389ccd7-139"
Expires: Sun, 04 Dec 2022 11:27:02 GMT
Last-Modified: Fri, 02 Dec 2022 10:00:55 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 313

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
561fc9500f286cbed4b8a40a7e3f4fda
b61aee5d87b48ce838250940a0d417665090f8a3
f644f090f9d1d513e2d555451081e72ada3b8c3507d9d7a950ff42de3dc3520c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5167
Cache-Control: max-age=95325
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:17 GMT
Etag: "6389ccd7-139"
Expires: Sun, 04 Dec 2022 11:27:02 GMT
Last-Modified: Fri, 02 Dec 2022 10:00:55 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 313

pips.taboola.com/

151.101.129.44

200 OK

4 B

URL HTTP/2
pips.taboola.com/
IP
151.101.129.44:0
ASN
#54113 FASTLY

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
6c3e226b4d4795d518ab341b0824ec29
eef19c54306daa69eda49c0272623bdb5e2b341f
fb329000228cc5a24c264c57139de8bf854fc86fc18bf1c04ab61a2b5cb4b921

HTTP Headers

GET / HTTP/1.1
Host: pips.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Varnish
retry-after: 0
access-control-allow-methods: GET
access-control-allow-origin: https://downsub.com
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:17 GMT
via: 1.1 varnish
x-served-by: cache-bma1674-BMA
x-cache: HIT
x-cache-hits: 0
cache-control: no-store
content-length: 4
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
77a6b6638e0ee5ec4eeb988d3d3af050
219272781fc7a6ac331496b257c7976daa7b62de
d3092d8548c448fab08751eb00cce0ffb883786084d77320da1e0a858b70c5cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3092D8548C448FAB08751EB00CCE0FFB883786084D77320DA1E0A858B70C5CB"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8770
Expires: Sat, 03 Dec 2022 11:24:27 GMT
Date: Sat, 03 Dec 2022 08:58:17 GMT
Connection: keep-alive

ag.gbc.criteo.com/newidsd

185.235.84.61

200 OK

37 B

URL HTTP/2
ag.gbc.criteo.com/newidsd
IP
185.235.84.61:0
ASN
#44788 Criteo SA

File type
JSON data\012- , ASCII text, with no line terminators
Size
37 B (37 bytes)
Hash
15157837144d00a753168c6ba696f4d3
6ddc261f4ad61536f97f83100a79691c6cafb50c
d7f65d6987cdf244ef99e87d2294f169176a7148f79c956ccd306b01ce61b960

HTTP Headers

GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:17 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 53240
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=91f89ce6-34a0-4911-bffb-5342953657bb&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=cb2a94ca455a4afd1cd8d8ea24681238&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8

192.243.61.225

200 OK

1 B

URL HTTP/1.1
unseenreport.com/pxf.gif?uuid=91f89ce6-34a0-4911-bffb-5342953657bb&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=cb2a94ca455a4afd1cd8d8ea24681238&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=91f89ce6-34a0-4911-bffb-5342953657bb&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=cb2a94ca455a4afd1cd8d8ea24681238&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 03 Dec 2022 08:58:17 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ed6bb646c760ebdc41c54b0ae0c3fdac
Strict-Transport-Security: max-age=0; includeSubdomains

dnacdn.net/dna

178.250.2.146

200 OK

132 B

URL HTTP/2
dnacdn.net/dna
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type
data
Size
132 B (132 bytes)
Hash
0816244abd3525a38c1228b28b60588f
e426b985cd48ba1b36c3bd5c70d15b271fd27739
f4df1461adafaf6ff5ae2d38d5890012c769d3a0372dc913b8eb30a6ff20d38a

HTTP Headers

GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=_VABd180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhJJTJGeUJSNnVveDAxNmdHZGpIQ3NuJTJGNDd4dWE1WlJ2ZSUyRmxiVTFaZ29zSms
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=PVvt3180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhJJTJGeUJSNnVveDAxNmdHZGpIQ3NuODlMZUFuZGF2U0QlMkYlMkJ4ZFMyMjdQSlI; expires=Thu, 28 Dec 2023 08:58:17 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 409231
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

314 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
314 B (314 bytes)
Hash
9f38347cf64f419c10a84804440633ab
69250c04d17d4ef2721bb67159d76b707d5fb841
fbe68b4c819e8ec3f1acc2682a1b8176d092084404ccd0c39c177be2dabb6fad

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4925
Cache-Control: max-age=85366
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 08:58:17 GMT
Etag: "6389a6e2-13a"
Expires: Sun, 04 Dec 2022 08:41:03 GMT
Last-Modified: Fri, 02 Dec 2022 07:18:58 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 314

csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1

178.250.2.150

200 OK

43 B

URL HTTP/2
csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1
IP
178.250.2.150:0
ASN
#44788 Criteo SA

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1 HTTP/1.1
Host: csm.nl.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

gem.gbc.criteo.com/newidsd

185.235.84.42

200 OK

0 B

URL HTTP/2
gem.gbc.criteo.com/newidsd
IP
185.235.84.42:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:17 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 134001
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS

178.250.2.146

200 OK

0 B

URL HTTP/2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://downsub.com/
x-crto-bundle: QW68Kl9VT2kyNXB0V0hWTmp0UkdKMjJwRnhLVG94Tk1JJTJGbzdQa2tIQkR3Q2VrTU5tZWI3TTY4a0RUNW0ydmRxWmtDeDJIJTJCYTF0N0NsSndQQkdCZFM0a1ZUJTJGR3Q4UG1LMUN5TWdLN1RPalFYbXVaMFM2MmJzbzRpWVQlMkZUcTQ0Snp6VjVBdmNrZU5nWGFqbG96dm5XVVVXbkJFZyUzRCUzRA
Origin: https://downsub.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://downsub.com
server-processing-duration-in-ticks: 2873697
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

cdn.barscreative1.com/sb/au/e1/6f/bb/e16fbbe9f31c82c23d1d57f9726b5fc7/1654616215.html

45.133.44.4

200 OK

0 B

URL HTTP/2
cdn.barscreative1.com/sb/au/e1/6f/bb/e16fbbe9f31c82c23d1d57f9726b5fc7/1654616215.html
IP
45.133.44.4:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sb/au/e1/6f/bb/e16fbbe9f31c82c23d1d57f9726b5fc7/1654616215.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:15 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Tue, 07 Jun 2022 15:37:00 GMT
etag: W/"629f709c-40e"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 03 Dec 2022 09:58:15 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

141.226.228.48

200 OK

0 B

URL HTTP/2
am-match.taboola.com/sync?dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&excid=22&docw=0&cijs=1&nlb=false
IP
141.226.228.48:0
ASN
#200478 Taboola.com ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sync?dast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&excid=22&docw=0&cijs=1&nlb=false HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3402
X-Firefox-Spdy: h2

wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=-1&noaop=3&sortOrderType=0&cb=1670057894023&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-352057342&tz=0&viewable=true&ddast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&amp=0&qsz=6&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2216075&dpubid=399955&abtst=amplean_vD!ufm_vD&mPre=0.033&cirf=https%3A%2F%2Fdownsub.com&en=1&subu=3

151.101.193.44

200 OK

0 B

URL HTTP/2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=-1&noaop=3&sortOrderType=0&cb=1670057894023&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-352057342&tz=0&viewable=true&ddast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&amp=0&qsz=6&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2216075&dpubid=399955&abtst=amplean_vD!ufm_vD&mPre=0.033&cirf=https%3A%2F%2Fdownsub.com&en=1&subu=3
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=-1&noaop=3&sortOrderType=0&cb=1670057894023&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-352057342&tz=0&viewable=true&ddast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&amp=0&qsz=6&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2216075&dpubid=399955&abtst=amplean_vD!ufm_vD&mPre=0.033&cirf=https%3A%2F%2Fdownsub.com&en=1&subu=3 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 126
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1431
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://downsub.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:16 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670057896.053705,VS0,VE45
vary: Accept-Encoding
X-Firefox-Spdy: h2

gum.criteo.com/syncframe?origin=rtus&topUrl=downsub.com

178.250.2.146

200 OK

0 B

URL HTTP/2
gum.criteo.com/syncframe?origin=rtus&topUrl=downsub.com
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /syncframe?origin=rtus&topUrl=downsub.com HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=7e443ba0-fd68-4174-980f-7f6e31cb4faf; expires=Thu, 28 Dec 2023 08:58:16 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 914378
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

gum.criteo.com/sid/json?origin=rtus&domain=downsub.com&sn=FirefoxSyncframe&so=0&topUrl=downsub.com&info=PVvt3180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhJJTJGeUJSNnVveDAxNmdHZGpIQ3NuODlMZUFuZGF2U0QlMkYlMkJ4ZFMyMjdQSlI&idsd=-959568686,-775014877&cw=1&rtusCallerId=72&lsw=1

178.250.2.146

200 OK

0 B

URL HTTP/2
gum.criteo.com/sid/json?origin=rtus&domain=downsub.com&sn=FirefoxSyncframe&so=0&topUrl=downsub.com&info=PVvt3180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhJJTJGeUJSNnVveDAxNmdHZGpIQ3NuODlMZUFuZGF2U0QlMkYlMkJ4ZFMyMjdQSlI&idsd=-959568686,-775014877&cw=1&rtusCallerId=72&lsw=1
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sid/json?origin=rtus&domain=downsub.com&sn=FirefoxSyncframe&so=0&topUrl=downsub.com&info=PVvt3180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhJJTJGeUJSNnVveDAxNmdHZGpIQ3NuODlMZUFuZGF2U0QlMkYlMkJ4ZFMyMjdQSlI&idsd=-959568686,-775014877&cw=1&rtusCallerId=72&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=rtus&topUrl=downsub.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:17 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1629476
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=-1&noaop=3&sortOrderType=0&cb=1670057897190&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=1913477560&tz=0&viewable=true&ddast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&amp=0&qsz=6&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=1&dtagid=2216075&dpubid=399955&abtst=amplean_vD!ufm_vG&mPre=0.033&cirf=https%3A%2F%2Fdownsub.com&en=1&subu=3

151.101.193.44

200 OK

0 B

URL HTTP/2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=-1&noaop=3&sortOrderType=0&cb=1670057897190&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=1913477560&tz=0&viewable=true&ddast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&amp=0&qsz=6&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=1&dtagid=2216075&dpubid=399955&abtst=amplean_vD!ufm_vG&mPre=0.033&cirf=https%3A%2F%2Fdownsub.com&en=1&subu=3
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=-1&noaop=3&sortOrderType=0&cb=1670057897190&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=1913477560&tz=0&viewable=true&ddast=V7U5kCFgOh_k_F4z21lgSh_k_F4z21lgUAAAAGBvQHJDNbLUbD5XIt260ma9FgsVoLF4vVWmFcGWfO2cpmc6yGQDKz1WI0XC7Xst1qshYNFqu1cLFYrRXGlXHmnK1sNsdqCh_GcpkMaoGEZfb7DgrK6ekxuwyiouttsTucZs8bJtB0Onyue73I77t7Xhe7xu-2AwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQABhoTJUAhEAvnvz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMcV4cIHaYxzgTFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQADhdc2Ic5buoMRbGAAAAMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwuoCYHQAAAMDd____vx7IrYaj4WC0cZlGq-Vus1rOZs6FYTkZuRy-5XBm8t5kAW4raY5cWF-IsMx-30FBOT09ZpdBVHS9LXaH0-w5iA8ahuVkEMyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRJlzGmWk5sa01q4VnLRpuBmuJb2VxK1fO0cLjGQ4Ws9Va9PqYHsbRcjWZbVEwYGEvkqdFOlGZHM7ZxrSbDCcLy2A0MrlGI49huHINd8vRYLiaiCWak0U6kV32vdVwNByMNi7TaLXcbVbL2cy5MCwnI5fDtxzOTP6GyzgzLSe2tWa18KxFw81gLfGtLG7lyjlaeDzDwWK2WoteH9PDOFquJrN9Y7YbDFa74XK0b8x2g8FqN1yO9h06w3f1ORutabXN47IMizHdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTk9909r4tFLFGaLtKJXiKWCE4X6UT0Mp4u6j8y5GKuHMxFk7liNVolAAAAAAAAAIAlzJk3AQAAADgNZrlcrlbrPJDJYjbYrZYLMLFQpgsMAgAAAAAAsBvc3_PwBnjcWNz48QH5fXfP62LmzZ8JYq1WyxoAAEAAGwAAIIBbN28B2Ez8____fxwAAICMHD0AAAD9PhCUxCMXSv0wPwGulrMB!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&amp=0&qsz=6&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=1&dtagid=2216075&dpubid=399955&abtst=amplean_vD!ufm_vG&mPre=0.033&cirf=https%3A%2F%2Fdownsub.com&en=1&subu=3 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 126
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1412
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://downsub.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:19 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670057899.199877,VS0,VE77
vary: Accept-Encoding
X-Firefox-Spdy: h2

downsub.com/?url=https://www.youtube.com/watch?v=ih14zfnQHPU

188.114.97.1

200 OK

0 B

URL HTTP/2
downsub.com/?url=https://www.youtube.com/watch?v=ih14zfnQHPU
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /?url=https://www.youtube.com/watch?v=ih14zfnQHPU HTTP/1.1
Host: downsub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:11 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yI4t6YvfncqklqNMG5Sbe0r8U46%2BB%2FoiHMsglfGgd7ZYpSWZznjeii5TK1xj%2Fb5aOCuZvrX93ugS1DaFwzRyLh3tL4zICxIWQ1ZpuKMRIJiRqd1Vf6AtIJ859tDC9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773b195a1a43b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

trc.taboola.com/downsub/trc/3/json?tim=08%3A58%3A13.379&route=AM:IL:V&lti=aa_test_for_monitoring_ctrl&data=%7B%22id%22%3A860%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22text%22%2C%22sd%22%3A%22v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA%22%2C%22ui%22%3A%22ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526%22%2C%22uifp%22%3A%22ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526%22%2C%22lbt%22%3A1669918997404%2C%22vi%22%3A1670057892391%2C%22cv%22%3A%2220221201-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdownsub.com%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22pev%22%3A8050%2C%22btv%22%3A%220%22%2C%22plf%22%3A%7B%22stop_tslt%22%3Atrue%2C%22ack_vig%22%3Atrue%7D%2C%22bu%22%3A%22https%3A%2F%2Fdownsub.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22vpi%22%3A%22%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A7362%2C%22qs%22%3A%22%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22alternating-thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A204%2C%22mw%22%3A547.5%2C%22fi%22%3A9%2C%22fb%22%3A2%2C%22fti%22%3A%22delta-override%3A10594319%3APUBLISHED%22%7D%5D%2C%22cacheKey%22%3A%22text%3D%2F%2CBelow%20Article%20Thumbnails%3Dalternating-thumbnails-a%3Aabp%3D0%2C%2CHead%20of%20article%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_2%22%2C%22lt%22%3A%22aa_test_for_monitoring_ctrl%22%7D&llvl=2

151.101.193.44

200 OK

0 B

URL HTTP/2
trc.taboola.com/downsub/trc/3/json?tim=08%3A58%3A13.379&route=AM:IL:V&lti=aa_test_for_monitoring_ctrl&data=%7B%22id%22%3A860%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22text%22%2C%22sd%22%3A%22v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA%22%2C%22ui%22%3A%22ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526%22%2C%22uifp%22%3A%22ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526%22%2C%22lbt%22%3A1669918997404%2C%22vi%22%3A1670057892391%2C%22cv%22%3A%2220221201-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdownsub.com%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22pev%22%3A8050%2C%22btv%22%3A%220%22%2C%22plf%22%3A%7B%22stop_tslt%22%3Atrue%2C%22ack_vig%22%3Atrue%7D%2C%22bu%22%3A%22https%3A%2F%2Fdownsub.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22vpi%22%3A%22%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A7362%2C%22qs%22%3A%22%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22alternating-thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A204%2C%22mw%22%3A547.5%2C%22fi%22%3A9%2C%22fb%22%3A2%2C%22fti%22%3A%22delta-override%3A10594319%3APUBLISHED%22%7D%5D%2C%22cacheKey%22%3A%22text%3D%2F%2CBelow%20Article%20Thumbnails%3Dalternating-thumbnails-a%3Aabp%3D0%2C%2CHead%20of%20article%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_2%22%2C%22lt%22%3A%22aa_test_for_monitoring_ctrl%22%7D&llvl=2
IP
151.101.193.44:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /downsub/trc/3/json?tim=08%3A58%3A13.379&route=AM:IL:V&lti=aa_test_for_monitoring_ctrl&data=%7B%22id%22%3A860%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22text%22%2C%22sd%22%3A%22v2_7584804ce445973596f9a092dea798fd_ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526_1670057894_1670057894_CNawjgYQ5ZZMGKe01LnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA%22%2C%22ui%22%3A%22ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526%22%2C%22uifp%22%3A%22ae8f49b6-35a3-4830-b7eb-9e94ac380165-tucta849526%22%2C%22lbt%22%3A1669918997404%2C%22vi%22%3A1670057892391%2C%22cv%22%3A%2220221201-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdownsub.com%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22pev%22%3A8050%2C%22btv%22%3A%220%22%2C%22plf%22%3A%7B%22stop_tslt%22%3Atrue%2C%22ack_vig%22%3Atrue%7D%2C%22bu%22%3A%22https%3A%2F%2Fdownsub.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22vpi%22%3A%22%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A7362%2C%22qs%22%3A%22%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253Dih14zfnQHPU%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22alternating-thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A204%2C%22mw%22%3A547.5%2C%22fi%22%3A9%2C%22fb%22%3A2%2C%22fti%22%3A%22delta-override%3A10594319%3APUBLISHED%22%7D%5D%2C%22cacheKey%22%3A%22text%3D%2F%2CBelow%20Article%20Thumbnails%3Dalternating-thumbnails-a%3Aabp%3D0%2C%2CHead%20of%20article%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_2%22%2C%22lt%22%3A%22aa_test_for_monitoring_ctrl%22%7D&llvl=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://downsub.com
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://downsub.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 08:58:15 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670057896.527433,VS0,VE177
vary: Accept-Encoding
x-vcl-time-ms: 177
X-Firefox-Spdy: h2

friendshipmale.com/sfp.js

172.64.140.24

200 OK

0 B

URL HTTP/2
friendshipmale.com/sfp.js
IP
172.64.140.24:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://downsub.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:14 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: c251ca9edeebfc6b90a36b9db21cb200
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 03 Dec 2022 08:58:14 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vv3ii81nM3W4AWahbV9tN6dfIE%2FuSiIeDXp7Ug3SLfQ6h6CyaB03HVPdXFMCCE8jRyfekfSm7Xb5dgn1AjsKC5DiemFCH9vHMH9CdnAkNs%2FEMGKfU29mg9PoS4FncYZ50wdk6%2F8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773b19706918776d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo

52.87.16.203

200 OK

0 B

URL HTTP/2
taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
IP
52.87.16.203:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo HTTP/1.1
Host: taboola-supply-partners.tremorhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 08:58:16 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (35)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations