sha2awet3eyal.ahlamontada.com/t252-topic
94.23.159.185301 Moved Permanently 0 B URL HTTP/1.1 sha2awet3eyal.ahlamontada.com/t252-topic
IP 94.23.159.185:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /t252-topic HTTP/1.1
Host: sha2awet3eyal.ahlamontada.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 07 Oct 2022 11:32:31 GMT
Content-Length: 0
Location: https://sha2awet3eyal.ahlamontada.com/t252-topic
firefox.settings.services.mozilla.com/v1/
54.230.111.35200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: X4sPnpZZBUOjaCa5sQhyAE0-0rc7WWxIYBB9CWvombKezzKIfOuRLw==
Age: 157513
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1273d41c84b2b39f78a8033130d00282
556757697b70e019ed502585fcc888e2403f3229
ee3c03cc0a659fbc43d34feaa79a8ad6627b9c525d675956cdb434c1590db89e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EE3C03CC0A659FBC43D34FEAA79A8AD6627B9C525D675956CDB434C1590DB89E"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3318
Expires: Fri, 07 Oct 2022 12:27:49 GMT
Date: Fri, 07 Oct 2022 11:32:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 94a09d62ab3057cda67a091c8d7478f5
b1c9d223a951d0bc9f17c9f3b84501266a552b58
582364f9f6014520c269f1f794e7c34027bd2697b53e5d02fad43e74a735e471
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "582364F9F6014520C269F1F794E7C34027BD2697B53E5D02FAD43E74A735E471"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17311
Expires: Fri, 07 Oct 2022 16:21:02 GMT
Date: Fri, 07 Oct 2022 11:32:31 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: HhH+L8o+ZKw44nrFSt+H8U5PfYkoc+igNsCTtmHrFFnMe4WTs3/x1MoUiWnbcwgmW6oGQR3Mj04=
x-amz-request-id: QK2FV1DJ2V3T958G
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 07 Oct 2022 11:31:11 GMT
age: 80
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 631757dfb986190ace1c82361d011388
188e4240d36f1411bc6f13b82d1f8f5860e06017
8a63cf5ef56943b0a4af872db21a31b797120f672f0078134325989a696a2293
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8A63CF5EF56943B0A4AF872DB21A31B797120F672F0078134325989A696A2293"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11930
Expires: Fri, 07 Oct 2022 14:51:21 GMT
Date: Fri, 07 Oct 2022 11:32:31 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 11:32:31 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 18e0e019cd697bb16806d8f00408a319
60ceb13c31595e6cf9bb6800657e4593a1fbd670
7cb0778c80be637b67a5d198ca180a76bbfa4c32e502a0fa472a4c6946ffb56e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 5eee2baed68ec922370bd283860860fd
7d1e7dfdb9577dcd11587bb162e17c56eaf8e4c4
7931afabb9286276c385564aa73ed67927d31e12ab35eb92da84048a7896f27d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 5eee2baed68ec922370bd283860860fd
7d1e7dfdb9577dcd11587bb162e17c56eaf8e4c4
7931afabb9286276c385564aa73ed67927d31e12ab35eb92da84048a7896f27d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
142.250.74.42200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
IP 142.250.74.42:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash d989f35706c62ce4a5c561586c55566e
d32e7958e5765609bf08dcdefd0b2c2a8714ce34
375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716
GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33845
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 02 Oct 2022 10:40:15 GMT
expires: Mon, 02 Oct 2023 10:40:15 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 435137
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=
142.250.74.168200 OK 36 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=
IP 142.250.74.168:0
File type ASCII text, with very long lines (2039)
Hash 88e23326cf21762a4dca19874df442c9
a2bd42a1be543393fd0e6cfde9d0d528808f9376
de10cb5e988be89e7da550fe247977a1c703df81c6b093ab384044f76731f357
GET /gtag/js?id= HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 07 Oct 2022 11:32:32 GMT
expires: Fri, 07 Oct 2022 11:32:32 GMT
cache-control: private, max-age=900
last-modified: Fri, 07 Oct 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 36214
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
2img.net/i/fa/icon_minitime.gif
104.21.235.176200 OK 298 B URL HTTP/2 2img.net/i/fa/icon_minitime.gif
IP 104.21.235.176:0
File type GIF image data, version 89a, 12 x 9\012- data
Hash 71647c2ce78f706f8b4b0d84b3369cf5
18fe4a449c64acf98e9570486627f29d3884dff9
de0294a906e3fa470d188c8d596e3a5fc3efc59bab8080506015498db73c18e6
GET /i/fa/icon_minitime.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:32 GMT
content-type: image/gif
content-length: 298
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-12a"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 15171
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OOhZ3IYxFOpyp7LTS9u7PN1kWE6zgPvIYxXfQSVLxDp%2FVZ%2Bbm2SvnCXB6ToXLyJIYuT4NEWdM2AJ6VseBWryIJZqux9VfuNeEjFdrpCHMiN1dmVIY%2BRbpGTcuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75665115cdec76b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sha2awet3eyal.ahlamontada.com/0-rtl.css
188.165.2.137200 OK 55 kB URL HTTP/2 sha2awet3eyal.ahlamontada.com/0-rtl.css
IP 188.165.2.137:0
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash 92ab3d4ae5217e82071d40af6612e6b4
71241f91b2e1042e5ded8777f7a38b9ad0309b4a
5a9cad6883e95431d483988a693485792f6a238e65f7fa875f30006ae61e1341
GET /0-rtl.css HTTP/1.1
Host: sha2awet3eyal.ahlamontada.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/t252-topic
Cookie: exadd=166515
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:32 GMT
content-type: text/css
content-length: 54802
last-modified: Fri, 07 Oct 2022 00:00:00 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-ma: HIT
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-144347007-1
142.250.74.168200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-144347007-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (2039)
Hash b29c7c4f146a39460f3e0b5a18378713
fcc7fe162c32786ec761c6485e7f003e950a5ad3
e832c572afd1034c65738fe6e620a25fae4e75a25a97ac1a550862fa493176f8
GET /gtag/js?id=UA-144347007-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 07 Oct 2022 11:32:32 GMT
expires: Fri, 07 Oct 2022 11:32:32 GMT
cache-control: private, max-age=900
last-modified: Fri, 07 Oct 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42431
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
2img.net/i/empty.gif
104.21.235.176200 OK 43 B IP 104.21.235.176:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /i/empty.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:32 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 09 May 2016 08:45:50 GMT
etag: "57304e3e-2b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 15220
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EWKaXur6VTthBP96gZ6Kzkfq98Rw7usXsrZoWCWZftCvRwjY1HwvfLZBssYp%2FAs5tF1Etl9D56YVR5lHwebtVIzPBZt2yWyrk%2BqP9cfbwpanJhMFTpOEtmh%2FKg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75665115cdd476b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash da24c3d35c9aa2a337a9a13ce1c0a8b6
f2de820375a4a3ba63e75bb07b4c1512ee847375
86358a176fd39e47744821766b318dcf7dd4aa9903f27b6221ea55075c3f5655
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5668
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:32 GMT
Last-Modified: Fri, 07 Oct 2022 09:58:04 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313
2img.net/s/t/10/34/79/i_icon_mini_index.gif
104.21.235.176200 OK 2.1 kB URL HTTP/2 2img.net/s/t/10/34/79/i_icon_mini_index.gif
IP 104.21.235.176:0
File type GIF image data, version 89a, 78 x 31\012- data
Hash 03b23b754b1b3cd5500b1a17e5ec41df
c96170e9517daddb3c46f176c74b1a5873be324e
038abcb3d373b066c7fb10391b593a8a6c0bc5183e28c25f68e51d5ee38347a5
GET /s/t/10/34/79/i_icon_mini_index.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:32 GMT
content-type: image/gif
content-length: 2115
last-modified: Wed, 13 Feb 2008 20:13:01 GMT
etag: "47b34f4d-843"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 7106
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ioRMZg31ESeYK4aQ7JjLmRDKRaxPtQImUJMkI92vB2sU9YUWXkUipZ3nmM7MnoFBsuNEH7pHGkDcsVcBkUh97KmCJOlLTYI4li4qilvXlyQOnaqyMLpr%2BhSu4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75665115cdea76b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/icon_gender_male.gif
104.21.235.176200 OK 142 B URL HTTP/2 2img.net/i/fa/subsilver/icon_gender_male.gif
IP 104.21.235.176:0
File type GIF image data, version 89a, 11 x 11\012- data
Hash 5ef7a6af0298d7e13a08a8e5afeb1228
78e2ddc2595b7a2975e9b11ef4852f5ac0616616
4bd253445eec78e6f29ec51cfbd53f3b52941a208a4237389209cba55cc7047d
GET /i/fa/subsilver/icon_gender_male.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:32 GMT
content-type: image/gif
content-length: 142
last-modified: Mon, 16 May 2016 11:01:55 GMT
etag: "5739a8a3-8e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 15171
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lxWhpkeDOIiIwHHohih5v%2BBPBYVCqhGBQgpFs4RqnY96C3YvKLwWGYUnCxQmJekA9UcqMcHVWRIGjlf6qLuJ7oDDD9MF9dYG%2BztTshICoZhmgNdzOtNYKEfg0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75665115cdde76b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/icon_gender_female.gif
104.21.235.176200 OK 140 B URL HTTP/2 2img.net/i/fa/subsilver/icon_gender_female.gif
IP 104.21.235.176:0
File type GIF image data, version 89a, 11 x 11\012- data
Hash da4f413728cea4cb2af9ddb08313d88a
673a20957c3ccb1b1ec61f25587217ad413df8b6
8cfd21e82ac6c4d69ce84f5fcaf2b08e954d7b6bb7e4a8af1445ca0c6ef91772
GET /i/fa/subsilver/icon_gender_female.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:32 GMT
content-type: image/gif
content-length: 140
last-modified: Mon, 16 May 2016 11:01:55 GMT
etag: "5739a8a3-8c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 15171
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FOTZ%2BXKgo%2FsyWw5jtym%2BCe%2F%2BV0UHWCheBzTX932CYwZm%2F2CZSgR0Qv7Fd88Otlg6Nax8JN2OcvuKMGmUc7kRSaUkeO3RjNmBqGxNPVSzETr%2BAJ8tnWBGHvUFRw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75665115cde576b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 18e0e019cd697bb16806d8f00408a319
60ceb13c31595e6cf9bb6800657e4593a1fbd670
7cb0778c80be637b67a5d198ca180a76bbfa4c32e502a0fa472a4c6946ffb56e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0ecce22f04c6059d4000e984ee6b8379
4dced5d7bbcfcb8a44e95817fe54899bfe309a8d
00bbc1f1892fcbfc42049c6c9e6cb2e767553b1baacfc632aa0de0a7aa690a39
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4972
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:32 GMT
Last-Modified: Fri, 07 Oct 2022 10:09:40 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
2img.net/s/t/10/34/79/i_icon_mini_register.gif
104.21.235.176200 OK 2.2 kB URL HTTP/2 2img.net/s/t/10/34/79/i_icon_mini_register.gif
IP 104.21.235.176:0
File type GIF image data, version 89a, 78 x 31\012- data
Hash 2a80a4b96e3a627228e41656f067a208
fefd671bf52fdaa81ca35a043acae6fd8ae0414d
2027cd8ee0c88549cac9327fcb7d1e9bde54d558bfde5c1cad28451249a13402
GET /s/t/10/34/79/i_icon_mini_register.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:32 GMT
content-type: image/gif
content-length: 2219
last-modified: Wed, 27 Oct 2010 14:14:35 GMT
etag: "4cc833cb-8ab"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 7106
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HBFTpFUYhpFMYOhHAwLRytedgqtUdT%2Bbxst5zyYIdRH%2BlYrVaT2WmGs3j5VMIJFQObzwr%2FJKlv5i5M49XxzOSvybQMZmaV0gpeB4gMs0XAujZfxhmZFyxI04fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75665115cdeb76b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/h/fnkosh.net/up/uploads/3a96cb3483.jpg
104.21.235.176301 Moved Permanently 178 B URL HTTP/2 2img.net/h/fnkosh.net/up/uploads/3a96cb3483.jpg
IP 104.21.235.176:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /h/fnkosh.net/up/uploads/3a96cb3483.jpg HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 07 Oct 2022 11:32:32 GMT
content-length: 178
location: https://2img.net/i/default.png
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jFbc1KiCnDMQ2gVSk2LIyu3KT4NbMwKtToFz4%2BUXggc7IqDhFWXccg7qXjeUlTeMR%2B2owApNglpaHtryWaIeEnwDWWr3Bld8uNJCv7BVwvosQ9q6qjDOKrrtMA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75665115cddf76b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/h/fnkosh.net/up/uploads/d3325b2208.jpg
104.21.235.176301 Moved Permanently 178 B URL HTTP/2 2img.net/h/fnkosh.net/up/uploads/d3325b2208.jpg
IP 104.21.235.176:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /h/fnkosh.net/up/uploads/d3325b2208.jpg HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 07 Oct 2022 11:32:32 GMT
content-length: 178
location: https://2img.net/i/default.png
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LhimLduLRvn29vYi7zcQgUAgltMsvJsdof7IMjtRiqFABz988oi83oxnGaHAzo9FNn0UPzpgt3PC02%2Fb8sS8U20IUGC6o8llrWOEFH31CVIuzcp%2FRyWFlZyJcA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75665115cdd876b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/h/fnkosh.net/up/uploads/1d417c1371.jpg
104.21.235.176301 Moved Permanently 178 B URL HTTP/2 2img.net/h/fnkosh.net/up/uploads/1d417c1371.jpg
IP 104.21.235.176:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /h/fnkosh.net/up/uploads/1d417c1371.jpg HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 07 Oct 2022 11:32:32 GMT
content-length: 178
location: https://2img.net/i/default.png
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ajjW5IVVvk7BaCXRfb7te%2B2N%2FwWLkyzzYyIoCHnTGTdLMA3i2XYE59hh%2Byep7q%2F7cZZDsx35%2BILEEYsDVZ4IdvQiHmVMmL2oZC9eYom%2FefPrQh9pDrbSrYYI1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75665115cddd76b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/s/t/10/34/79/i_icon_www.gif
104.21.235.176200 OK 2.4 kB URL HTTP/2 2img.net/s/t/10/34/79/i_icon_www.gif
IP 104.21.235.176:0
File type GIF image data, version 89a, 85 x 50\012- data
Hash 0cd9c64978e4e70fb0e6b17e16575444
42f78d4510557cf8516458889c22fdf1b17697ff
d56ba585bfad23dad9f57fc6ff02614d5ac9bfe209c3c0871ba44271b5cb80da
GET /s/t/10/34/79/i_icon_www.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:32 GMT
content-type: image/gif
content-length: 2407
last-modified: Wed, 13 Feb 2008 20:12:51 GMT
etag: "47b34f43-967"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Be4bsw6q6%2F5la7Qj69fr4tMmW7rEphyxT1lPUhgKoNSoPzWGKBxRninnrZhouHZxPF7voKgJD2Zp%2FU6piP836qru9D4Kx%2F3VC5s3%2BN1fafcc9PXNVDuAZI2eXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75665115cde076b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.35200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Fri, 07 Oct 2022 11:29:41 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Fri, 07 Oct 2022 12:06:51 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: oE5sQ77MXTfJGPEs68Q2vh6DTrK8-AW9F4fxdtalZ1H2oXWenkZ_Uw==
Age: 171
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 5eee2baed68ec922370bd283860860fd
7d1e7dfdb9577dcd11587bb162e17c56eaf8e4c4
7931afabb9286276c385564aa73ed67927d31e12ab35eb92da84048a7896f27d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
2img.net/h/fnkosh.net/up/uploads/4ba7e249b5.jpg
104.21.235.176301 Moved Permanently 178 B URL HTTP/2 2img.net/h/fnkosh.net/up/uploads/4ba7e249b5.jpg
IP 104.21.235.176:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /h/fnkosh.net/up/uploads/4ba7e249b5.jpg HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 07 Oct 2022 11:32:32 GMT
content-length: 178
location: https://2img.net/i/default.png
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bULoBf%2F2koZZM296ItxWMVjfeA4edSO2VR0AmOOMGod%2F3C2sm%2FGRfOoiP4FkLqnpk7pj%2FkR4Ar%2FNHkc%2BuGlImb3UX3Vc2f2SLpriNudTVviPca6VuHQnVPcbag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75665115cddb76b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/h/fnkosh.net/up/uploads/6c0b212203.jpg
104.21.235.176301 Moved Permanently 178 B URL HTTP/2 2img.net/h/fnkosh.net/up/uploads/6c0b212203.jpg
IP 104.21.235.176:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /h/fnkosh.net/up/uploads/6c0b212203.jpg HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 07 Oct 2022 11:32:32 GMT
content-length: 178
location: https://2img.net/i/default.png
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bKiyI%2BCHx5%2BpD7O9veJ%2F0LNtq%2FyYsySUSoNJ1UzEzsfSCat7vnEZy1%2Fvl7n807UhByQxBa3QvGmtAtlFTrY44xFr3WV4SY1e9bT7CL%2FROix%2BDMucY%2FEAKiErIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75665115cdda76b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d6c404502c7987174a84d8f0a3efab23
fc3a3f6d63acab3f659fb3536b65fd8564ec8628
94b5693df873bd923ffbf31f576fff01d2628e5796af4c6b91306a743e27d19b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5261
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:32 GMT
Last-Modified: Fri, 07 Oct 2022 10:04:51 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 87465c15992fe10c24c62a185f8c171d
fa938b624d06d1e2927c8eda6a44b2a32d930f59
239ef7fe5df8c396d96a928c20d66c842a5ec3e9ff71a3cd7c0068906fc3e537
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 87465c15992fe10c24c62a185f8c171d
fa938b624d06d1e2927c8eda6a44b2a32d930f59
239ef7fe5df8c396d96a928c20d66c842a5ec3e9ff71a3cd7c0068906fc3e537
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 87465c15992fe10c24c62a185f8c171d
fa938b624d06d1e2927c8eda6a44b2a32d930f59
239ef7fe5df8c396d96a928c20d66c842a5ec3e9ff71a3cd7c0068906fc3e537
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 87465c15992fe10c24c62a185f8c171d
fa938b624d06d1e2927c8eda6a44b2a32d930f59
239ef7fe5df8c396d96a928c20d66c842a5ec3e9ff71a3cd7c0068906fc3e537
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
2img.net/h/www3.0zz0.com/2008/06/22/00/446938821.jpg
104.21.235.176301 Moved Permanently 178 B URL HTTP/2 2img.net/h/www3.0zz0.com/2008/06/22/00/446938821.jpg
IP 104.21.235.176:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /h/www3.0zz0.com/2008/06/22/00/446938821.jpg HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 07 Oct 2022 11:32:32 GMT
content-length: 178
location: https://2img.net/i/default.png
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KiEOpzIH0rCgs8wdSgv4PbliVFG%2FZSWxQPr8QWY8sOxdwoYgyUEIwMf4qG%2BJvifU%2B%2FjNUWe7WOc4Hq5LDcOxGcb3lvw%2Ft%2FgnLJCRWWzHk0GynvY%2FThnqdTmQMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75665115cde776b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b28ce7eb9010874fce43dfcd3054e51a
29d01e0fc1f131806cf0b2b536f6094af56b4e18
6f1292a958dd631e0a948210ac49c5be0a623c6b1721a26c6d0b137c6e04d07c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6F1292A958DD631E0A948210AC49C5BE0A623C6B1721A26C6D0B137C6E04D07C"
Last-Modified: Wed, 05 Oct 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19211
Expires: Fri, 07 Oct 2022 16:52:43 GMT
Date: Fri, 07 Oct 2022 11:32:32 GMT
Connection: keep-alive
illiweb.com/rs3/63/frm/lang/notutf8-ar.js
172.67.150.97200 OK 19 kB URL HTTP/2 illiweb.com/rs3/63/frm/lang/notutf8-ar.js
IP 172.67.150.97:0
File type ISO-8859 text, with very long lines (65536), with no line terminators
Hash 56cdef1796e8efb49085270ac5b150b0
054d52dbd2ccda0c3e1358eab57406bc4d55bdf7
4e684b3da128c996972042d863bee9d493cb89cec5d82c21cac4236b9a30a132
GET /rs3/63/frm/lang/notutf8-ar.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:32 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
cf-polished: origSize=73321
access-control-allow-origin: *
expires: Fri, 08 Sep 2023 09:02:12 GMT
last-modified: Thu, 08 Sep 2022 07:38:48 GMT
x-cache-ne: EXPIRED
x-cache-pr: EXPIRED
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 2514620
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tOrAS2coTPAUe6tq5jXJ4iIkazIfJrqyGSj1ku%2BAasw2oLbG%2BX3dxrvKCAdzhN6y19m24%2B3uKY89SQ%2FYL6PPQrZFeeoppx7P9WBCJBmJYCp5dF46f4pa3IsJNkoWIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 756651154f9dfac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
illiweb.com/rs3/63/frm/jquery/cookie/jquery.cookie.js
172.67.150.97200 OK 5.6 kB URL HTTP/2 illiweb.com/rs3/63/frm/jquery/cookie/jquery.cookie.js
IP 172.67.150.97:0
File type ASCII text, with very long lines (1011), with no line terminators
Hash c9246c5f7adb2becda5435ba80d30fb5
9ac66fcfb9dcdebf3988067a0c4b64f9de7e2ceb
f64925775b7c524747dcf3e172e88724ea1c33a1e6cd195ca6234f14bf41cbe9
GET /rs3/63/frm/jquery/cookie/jquery.cookie.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:32 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Fri, 08 Sep 2023 08:06:37 GMT
last-modified: Wed, 09 Sep 2020 09:40:28 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 2517955
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WubGPl8as%2ByWKH5BxcPNFN16IHBpO2yM7i1qoEDVeljLYm%2B9ugrbpPzZfWqh95vdby7CLt1SHziJrkXhOPoca0w9vSthGr4QUw3IkmAQmpKdGbH1ZnBLEUr6U9RS8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 756651154fa0fac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
connect.topicit.net/scripts/connect.js
172.67.158.56200 OK 1.6 kB URL HTTP/2 connect.topicit.net/scripts/connect.js
IP 172.67.158.56:0
File type ASCII text, with very long lines (615)
Hash 03d92fefddf312bb86e71b32c70b7c6a
35a781c23eea9cbdd1168ef2121b54a539cf6a2a
a622fe7517efb3adc8b07d7b2e97302d557ff8aaa46019aeecd94738b174a1ea
GET /scripts/connect.js HTTP/1.1
Host: connect.topicit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:32 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=5437
access-control-allow-origin: *
etag: W/"5d653880-153d"
last-modified: Tue, 27 Aug 2019 14:04:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=86400
cf-cache-status: HIT
age: 5511
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v5n7MPgmfGpSKBQGjIElrQpvcF1U0dE0x22kTkh%2BHRNKKJtB28HBW4Pa9DYSjvWSSMgsErUOcmm9%2FwZiHJ7vQ5OazgMry2NS2LfLro9bR6%2BxYklKZMMD5dDryxRsDnY1BTRTVL2S"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 756651187dd1b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.youtube.com/s/player/17ab0793/www-player.css
142.250.74.78200 OK 50 kB URL HTTP/2 www.youtube.com/s/player/17ab0793/www-player.css
IP 142.250.74.78:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash ce9b3268e83e864464ee0b1c1bcbd395
aec0d122b7a1674fd2c903e350d7c1e345bdda9a
eccc42a16e7cb2c976a2f247265ef435954d636410182b6e8d6443457252d0e6
GET /s/player/17ab0793/www-player.css HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/p40-4z8R024
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 50095
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 06 Oct 2022 16:56:14 GMT
expires: Fri, 06 Oct 2023 16:56:14 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 06 Oct 2022 00:52:14 GMT
content-type: text/css
age: 66978
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.js
178.250.0.130200 OK 69 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.js
IP 178.250.0.130:0
Hash be8a9dd6cb4bfa6177af2dabd2e92006
9d776872675b8e4dc1c3d45c956f7ca4c4c05605
709ece7a13a7b5b2724789b3e0e8a1a3a83cc1c8988b1a7a07b1d6035f3a3860
GET /js/ld/publishertag.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 11:32:32 GMT
content-type: text/javascript
last-modified: Sat, 01 Oct 2022 02:55:29 GMT
etag: W/"6337ac21-1e358"
expires: Sat, 08 Oct 2022 11:32:32 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
www.youtube.com/s/player/17ab0793/www-embed-player.vflset/www-embed-player.js
142.250.74.78200 OK 97 kB URL HTTP/2 www.youtube.com/s/player/17ab0793/www-embed-player.vflset/www-embed-player.js
IP 142.250.74.78:0
File type ASCII text, with very long lines (572)
Hash 25913148e87059714551dcf4917e9cda
77186ee8b563a941961829ca4df183e6c0b63660
2c1f6b675637c3df7fce30c177b7a16047d026aca38b4f2e562b8328d775acf0
GET /s/player/17ab0793/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/p40-4z8R024
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 97396
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 06 Oct 2022 16:56:14 GMT
expires: Fri, 06 Oct 2023 16:56:14 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 06 Oct 2022 00:52:14 GMT
content-type: text/javascript
age: 66978
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/s/player/17ab0793/fetch-polyfill.vflset/fetch-polyfill.js
142.250.74.78200 OK 2.8 kB URL HTTP/2 www.youtube.com/s/player/17ab0793/fetch-polyfill.vflset/fetch-polyfill.js
IP 142.250.74.78:0
File type Algol 68 source text\012- Pascal source, ASCII text, with very long lines (555)
Hash 80fe2d229007996c8397073b00755dc7
121f82c77bcf2a297a1085e3b092415c463fcafe
033dfa8941482c82d4f1aaa4a9172fb379b9e46a02d5b36297c5476bbbfdea2c
GET /s/player/17ab0793/fetch-polyfill.vflset/fetch-polyfill.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/p40-4z8R024
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 2786
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 06 Oct 2022 16:56:14 GMT
expires: Fri, 06 Oct 2023 16:56:14 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 06 Oct 2022 00:52:14 GMT
content-type: text/javascript
age: 66978
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/s/player/17ab0793/player_ias.vflset/en_US/base.js
142.250.74.78200 OK 593 kB URL HTTP/2 www.youtube.com/s/player/17ab0793/player_ias.vflset/en_US/base.js
IP 142.250.74.78:0
File type ASCII text, with very long lines (554)
Size 593 kB (592870 bytes)
Hash b30301fb53e40884dbd3be8408d61222
77c903074d3a42ed7981bb7334c25b388fefdebf
bcf6f84f1a3b6ade4733d7237e30988dae2bc8245b045f3ed1a5eab5015ccfe3
GET /s/player/17ab0793/player_ias.vflset/en_US/base.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/p40-4z8R024
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding, Origin
content-encoding: br
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 592870
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 06 Oct 2022 16:57:15 GMT
expires: Fri, 06 Oct 2023 16:57:15 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 06 Oct 2022 00:52:14 GMT
content-type: text/javascript
age: 66917
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.43.58.150101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.58.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NnGxlcbMocKpNAvoRgKjsQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: NnwaSCWMuvMm4gsyUMoIzK6ALb0=
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash aea480478c3be7392d09e8a92826542f
b660fb42c8122efb07b3d1de1a8907ad1f6e1a60
ee691969e4d61ba3145fe90b28c5051367c223f31c0e0ee001d8481035090760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash aea480478c3be7392d09e8a92826542f
b660fb42c8122efb07b3d1de1a8907ad1f6e1a60
ee691969e4d61ba3145fe90b28c5051367c223f31c0e0ee001d8481035090760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stootsou.net/zone?pub=0&zone_id=2308013&is_mobile=false&domain=sha2awet3eyal.ahlamontada.com&var=&ymid=&var_3=
139.45.197.250200 OK 758 B URL HTTP/2 stootsou.net/zone?pub=0&zone_id=2308013&is_mobile=false&domain=sha2awet3eyal.ahlamontada.com&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (757)
Hash 928b0920d5829f6870a9c5ff4e26e45d
9e72a47fe25e77b594a6d4610de26b836e811d1f
97737618bdc17455ebb521adc878e16c730776820757610bd7668abc26df2679
GET /zone?pub=0&zone_id=2308013&is_mobile=false&domain=sha2awet3eyal.ahlamontada.com&var=&ymid=&var_3= HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sha2awet3eyal.ahlamontada.com/
Origin: https://sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 11:32:32 GMT
content-type: application/json; charset=utf-8
content-length: 758
x-trace-id: c5d2afb494d676fbeacc88a359fb90c5
access-control-allow-origin: https://sha2awet3eyal.ahlamontada.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash be35127b8c26584bcaa488cc5cf04d30
db6f464fed7250ce37b1355fef95155b48824292
ffa5581ed5d5990cec95b847c02ce562c1a3090240db245f68a8ddae59e1af4d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1372
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:32 GMT
Last-Modified: Fri, 07 Oct 2022 11:09:40 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash aea480478c3be7392d09e8a92826542f
b660fb42c8122efb07b3d1de1a8907ad1f6e1a60
ee691969e4d61ba3145fe90b28c5051367c223f31c0e0ee001d8481035090760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dnacdn.net/dna
178.250.0.157200 OK 0 B IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:32 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=5CuzQF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlFaFZ5RnFxRFJvd20yQXZNb2U0a0V6WjJxSWdCVGZWUjhVNVpWbEJlaFg; expires=Wed, 01 Nov 2023 11:32:33 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 279062
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash 05dc820485b100917b39e380e671871b
6dca69ce616fa5117b14fada8f8bbb56b642e33a
ddf9c2a955809b79e558b01a6db113bbb4f66708c87ec690fd29fb7fbe761105
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6313
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:33 GMT
Last-Modified: Fri, 07 Oct 2022 09:47:20 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 312
www.youtube.com/embed/p40-4z8R024
142.250.74.78200 OK 28 kB URL HTTP/2 www.youtube.com/embed/p40-4z8R024
IP 142.250.74.78:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (58528)
Hash d269819dc622bb1450514728107d068b
31a9742b650df55854640481859c683d3cc82935
7a5a6a03202a1325feb09891ec0ada9f85d3663822678820ebea00b23e5182e4
GET /embed/p40-4z8R024 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 07 Oct 2022 11:32:32 GMT
strict-transport-security: max-age=31536000
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=DAZR1Vxg4v0; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=kzY4dhfX9xA; Domain=.youtube.com; Expires=Wed, 05-Apr-2023 11:32:32 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+407; expires=Sun, 06-Oct-2024 11:32:32 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/forumotion-ar/loader.js
151.101.85.44200 OK 25 kB URL HTTP/2 cdn.taboola.com/libtrc/forumotion-ar/loader.js
IP 151.101.85.44:0
File type Unicode text, UTF-8 text, with very long lines (65497)
Hash 4a0047667f61193d2a9dc84c656375d6
c65c56cb1ae81c1a8df268ddddbb923f9d296cb0
98be5a537e16d9e1b7b9da54ac6194356b65f797dbc9655cdf83599041555adb
GET /libtrc/forumotion-ar/loader.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: YrchlhDAqmjLyACI2FEHYHiHe1gH3Ig6uRG+CUX7V+mQPg0HMffCjiksGuGQONCOOuHKRuO2Ij0=
x-amz-request-id: TAH90KS2GPYFEG8D
last-modified: Thu, 06 Oct 2022 17:40:12 GMT
etag: "aa788d23dbd71994ee0731694f033928"
x-amz-version-id: Gvm4mYlVEe_h.GZR_1QaemUleZ6lzJX9
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:33 GMT
via: 1.1 varnish
age: 164
x-served-by: cache-bma1665-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1665142353.087246,VS0,VE1
cache-control: private,max-age=14401
vary: Accept-Encoding
abp: 48
content-length: 25119
X-Firefox-Spdy: h2
stootsou.net/pfe/current/tag.min.js?z=2308013
139.45.197.250200 OK 0 B URL HTTP/2 stootsou.net/pfe/current/tag.min.js?z=2308013
IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pfe/current/tag.min.js?z=2308013 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 11:32:32 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-39be"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.comodoca4.com/
104.18.32.68200 OK 282 B IP 104.18.32.68:0
Hash e765041509eb62392b1188b50ff33fb9
79be530f95d66f5f3db1e1194a70c225fd6ae0d8
3f6e933cae89e62c000941191eb2dd6945e2bd775039ec6f449be02652a4e9b3
POST / HTTP/1.1
Host: ocsp.comodoca4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 11:32:33 GMT
Content-Type: application/ocsp-response
Content-Length: 282
Connection: keep-alive
Last-Modified: Tue, 04 Oct 2022 12:47:14 GMT
Expires: Tue, 11 Oct 2022 12:47:13 GMT
Etag: "79be530f95d66f5f3db1e1194a70c225fd6ae0d8"
Cache-Control: max-age=349479,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7566511ac8590b3d-OSL
www.youtube.com/embed/p40-4z8R024
142.250.74.78200 OK 56 kB URL HTTP/2 www.youtube.com/embed/p40-4z8R024
IP 142.250.74.78:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (58528)
Hash e0f46c51af029230ee3924f3449d8977
a4382daf31ec949f00d0581c713693c9f7f5778f
991b3f64fd6b005cadc4d61d1d8841c7895275e63015cfe42580bad459a1f2f0
GET /embed/p40-4z8R024 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 07 Oct 2022 11:32:32 GMT
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=Susfg8B-ylQ; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=0UIguJ8IORU; Domain=.youtube.com; Expires=Wed, 05-Apr-2023 11:32:32 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+498; expires=Sun, 06-Oct-2024 11:32:32 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/impl.20221006-24-RELEASE.js
151.101.85.44200 OK 146 kB URL HTTP/2 cdn.taboola.com/libtrc/impl.20221006-24-RELEASE.js
IP 151.101.85.44:0
File type ASCII text, with very long lines (65508)
Size 146 kB (145663 bytes)
Hash fc285a975f67a54f7945c067c247cd30
37bd19d10e7f27d9f30cb00c4d46b0ebf37c0453
e8f163dbb4c93e8bb9943c323b1d367bc03c3842c605f0929c3e7d409fa61c00
GET /libtrc/impl.20221006-24-RELEASE.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: n6/SK19NLnheTLTO/dZ+gXN/mZ0mKtCyQZ9vIy45OV+8ykPPwaq4Ja0fCKOoy4MbaMRa7M1iVUE=
x-amz-request-id: F82GZ34E09M4KHVD
last-modified: Thu, 06 Oct 2022 17:20:43 GMT
etag: "fc285a975f67a54f7945c067c247cd30"
content-encoding: br
x-amz-version-id: 1yVrmQoBO9AjyLAf7I.EyG5yQOfZRwzF
content-type: application/javascript
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:33 GMT
via: 1.1 varnish
age: 7910
x-served-by: cache-bma1665-BMA
x-cache: HIT
x-cache-hits: 4809
x-timer: S1665142353.416054,VS0,VE0
cache-control: private,max-age=31536000
vary: Accept-Encoding
abp: 91
server: AmazonS3-br
content-length: 145663
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 05cdf02bcbbeed0122679c1118a350ce
b5311d6866b69206bec8f67a19cfeeefed233ef1
4b7235ec2ca2295957e75e79fdc718fbacc13bfd5674d1aeb7cbe5bed9fe9ead
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 96423370618a4e8cef79532d1bebee5b
4c0a07466a54f9355819062fb899f86f21716876
1c6ca25ca73d54ab1186a44ef9b3d3ac75d936a4acc11e4d3dbb103a8cb150e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.doubleclick.net/instream/ad_status.js
142.250.74.166200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 142.250.74.166:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 07 Oct 2022 11:27:37 GMT
expires: Fri, 07 Oct 2022 11:42:37 GMT
cache-control: public, max-age=900
age: 296
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.66302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.66:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Fri, 07 Oct 2022 11:32:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 96423370618a4e8cef79532d1bebee5b
4c0a07466a54f9355819062fb899f86f21716876
1c6ca25ca73d54ab1186a44ef9b3d3ac75d936a4acc11e4d3dbb103a8cb150e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 05cdf02bcbbeed0122679c1118a350ce
b5311d6866b69206bec8f67a19cfeeefed233ef1
4b7235ec2ca2295957e75e79fdc718fbacc13bfd5674d1aeb7cbe5bed9fe9ead
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash de8b5cc85f08ccd709a3c21e8a52c710
428ac6916f6ef935770a1be96ad298a5f95eac08
1a7537716cb0941c014b566736688716955d66e7d7d61ecd210ad6c2eccda2aa
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 07 Oct 2022 11:32:33 GMT
Last-Modified: Fri, 07 Oct 2022 10:29:55 GMT
Server: ECS (nyb/1D20)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: nKlXzLcGv9Nqivdqzy-g8_XpTPcHmOf1iAlRlsGV2wbgg3hPLQLtYQ==
Age: 3758
api.viglink.com/api/ping
52.214.137.185200 OK 259 B IP 52.214.137.185:0
File type ASCII text, with no line terminators
Hash 13ead1a85a5067defb6042a6bc7c8002
79d2eb555cc594dbca199bea90fec7b90a8fc65c
dec30891ae0573426188377d01d7ab58dd7452b26560a297e8a09049e00d4008
POST /api/ping HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 148
Origin: https://sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://sha2awet3eyal.ahlamontada.com
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Fri, 07 Oct 2022 11:32:33 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 259
Connection: keep-alive
trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A32%3A33.733&type=usage&msg=rtus&llvl=2&id=1204&cv=20221006-24-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A32%3A33.733&type=usage&msg=rtus&llvl=2&id=1204&cv=20221006-24-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=11%3A32%3A33.733&type=usage&msg=rtus&llvl=2&id=1204&cv=20221006-24-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Fri, 07 Oct 2022 11:32:33 GMT
x-fastly-to-nlb-rtt: 22468
access-control-allow-credentials: true
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.74200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.74:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Fri, 07 Oct 2022 11:32:34 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sha2awet3eyal.ahlamontada.com/images/icons-180.png
188.165.2.137200 OK 13 kB URL HTTP/2 sha2awet3eyal.ahlamontada.com/images/icons-180.png
IP 188.165.2.137:0
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash ecc59e2cf32eb5f013371aeb0c224934
189310884e217e09b359e1a2f8cfda750d447566
e04194dbe6d38939fd077c7bbcc0ddbe2114f52e940345be381a1342b482f4e4
GET /images/icons-180.png HTTP/1.1
Host: sha2awet3eyal.ahlamontada.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/t252-topic
Cookie: exadd=166515; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:34 GMT
content-type: image/png
content-length: 13289
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 07 Oct 2022 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
x-cache-ic: MISS
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.74200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.74:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash f53f54bbcf5491152dc5f490f90ab0b4
28e2ccc4426de465fc66056ba4a3db11023634c8
55e940831277f929b4d3e38bab5330a08498abecc98d0a06f62f63156a00f7f5
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Fri, 07 Oct 2022 11:32:34 GMT
server: ESF
cache-control: private
content-length: 30793
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 38c8ed81c69d2af0003394c9fb9274c5
a71c6fb6d685275f8a8c7d9d87860df08a450038
fdff30d374603ecd62c6d244a1175731787725dba48777122802055969be28f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/js/th/V6O6m_A4SlO-MjsPbzlPIQ9zQH4BCPezl8YCTT2cIuk.js
142.250.74.164200 OK 14 kB URL HTTP/2 www.google.com/js/th/V6O6m_A4SlO-MjsPbzlPIQ9zQH4BCPezl8YCTT2cIuk.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (36250)
Hash 853d44bb14963607c5a97d5cb86adfcf
7fd1eeb29cdfcd28ea7e6158308ed1cc37d654d9
16304e4de8928d432ff6d0d8b5fecf6ef550bed098921d99fe0c8a23d918b02f
GET /js/th/V6O6m_A4SlO-MjsPbzlPIQ9zQH4BCPezl8YCTT2cIuk.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14322
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 05:04:05 GMT
expires: Thu, 05 Oct 2023 05:04:05 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 03 Oct 2022 11:00:00 GMT
content-type: text/javascript
age: 196109
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/js/th/Y-zeT9jJ33tCNYTX0Kw8-3I-ogsAM9wZgys9W8554e8.js
142.250.74.164200 OK 14 kB URL HTTP/2 www.google.com/js/th/Y-zeT9jJ33tCNYTX0Kw8-3I-ogsAM9wZgys9W8554e8.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (36103)
Hash be1468c574c2c6f712d8823631904db9
77a0857056c9ab67893b8e70774f6cba3ba714b8
c648f63373880d736eb7a6123915a446cf558182db35aef788cb5e1a75d1dcae
GET /js/th/Y-zeT9jJ33tCNYTX0Kw8-3I-ogsAM9wZgys9W8554e8.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14419
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 06 Oct 2022 09:11:19 GMT
expires: Fri, 06 Oct 2023 09:11:19 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 27 Sep 2022 17:00:00 GMT
content-type: text/javascript
age: 94875
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash bac04c5815c2eb20be45626da20433ec
e9df1f5adeaf79b569ed5b0c8711669dac48aea8
7adf6a38926ca2d07e45497ef7a763766006e2ca924434e267b6041fc4f253d1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.74200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.74:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 17619073e11f9075c136e0c0674ab923
d0f8e993e44513db8d7d05525238339dd7ed4bca
6e1f4a3643b82216718b1311e22255b8f5af2aea7f31b2df6dd4c9c4108bc6e7
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Fri, 07 Oct 2022 11:32:34 GMT
server: ESF
cache-control: private
content-length: 30838
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
i.ytimg.com/vi/p40-4z8R024/hqdefault.jpg
142.250.74.150200 OK 10 kB URL HTTP/2 i.ytimg.com/vi/p40-4z8R024/hqdefault.jpg
IP 142.250.74.150:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 996b0c09b06869bfa9f6095e99a1e8de
e4aefdec68ae58843e1ac17d869a98bd8edc945c
2d92f0afc8d63a9eed29b7412d8661af8824ed2f4b601c83695d1d5333ccf069
GET /vi/p40-4z8R024/hqdefault.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 10253
date: Fri, 07 Oct 2022 11:32:34 GMT
expires: Fri, 07 Oct 2022 13:32:34 GMT
cache-control: public, max-age=7200
etag: "0"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16972
Expires: Fri, 07 Oct 2022 16:15:26 GMT
Date: Fri, 07 Oct 2022 11:32:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16972
Expires: Fri, 07 Oct 2022 16:15:26 GMT
Date: Fri, 07 Oct 2022 11:32:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16972
Expires: Fri, 07 Oct 2022 16:15:26 GMT
Date: Fri, 07 Oct 2022 11:32:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16972
Expires: Fri, 07 Oct 2022 16:15:26 GMT
Date: Fri, 07 Oct 2022 11:32:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16972
Expires: Fri, 07 Oct 2022 16:15:26 GMT
Date: Fri, 07 Oct 2022 11:32:34 GMT
Connection: keep-alive
static.criteo.net/images/pixel.gif?ch=2
178.250.0.130200 OK 43 B URL HTTP/2 static.criteo.net/images/pixel.gif?ch=2
IP 178.250.0.130:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /images/pixel.gif?ch=2 HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 11:32:34 GMT
content-type: image/gif
content-length: 43
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
etag: "493ea254-2b"
expires: Mon, 02 Oct 2023 11:32:34 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03835263-33ef-46f3-bb24-467731afac81.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03835263-33ef-46f3-bb24-467731afac81.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 174bf241d8cb920a398e42d1c21b99d3
bdf4ef11beb8aa206ec122a38477bb594fa62a5f
261d039dbb733396b2519edb880fd1f1643339ea4654924c6bd665632bd6bc94
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03835263-33ef-46f3-bb24-467731afac81.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10979
x-amzn-requestid: 004d2b8c-5aef-423f-8d8b-ea3a5e075026
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZXXPFGM7IAMFTNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633938c6-153d167d541238fb11ef6bb9;Sampled=0
x-amzn-remapped-date: Sun, 02 Oct 2022 07:07:50 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: E6waSuH7TevwktN5sNQSoaEKouYLia4MQODErZQ1YyyKU68seK9-dw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 11:37:37 GMT
age: 86097
etag: "bdf4ef11beb8aa206ec122a38477bb594fa62a5f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
static.criteo.net/images/pixel.gif?ch=1
178.250.0.130200 OK 43 B URL HTTP/2 static.criteo.net/images/pixel.gif?ch=1
IP 178.250.0.130:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /images/pixel.gif?ch=1 HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 11:32:34 GMT
content-type: image/gif
content-length: 43
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
etag: "493ea254-2b"
expires: Mon, 02 Oct 2023 11:32:34 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 53b7ffdc3799e0ac7a225145242579ef
c47f0525fe5354ee13fe63c0ec31f0f826a58005
4bb518afc9b3e7bfb976d343e46b306155834adbe71fa35b0d6f509959f78aca
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10987
x-amzn-requestid: c2ab1012-1afd-4d74-8114-97977b43da24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZgCHwGdGoAMFvyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633cb097-3237927a0c1e081d22c902f7;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 22:15:51 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: JYDg0-KelCPr__4bKtpARLrwiE1CHGICcFI6I9_TFCMcmESbykNhXQ==
via: 1.1 3dde68f1f52282c9e1ee336d97233b0a.cloudfront.net (CloudFront), 1.1 27f6faf9790b5a2877fb528fa31f7922.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:08:50 GMT
age: 48224
etag: "c47f0525fe5354ee13fe63c0ec31f0f826a58005"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ca4df15-4ecd-467c-a658-2352fca9a8ff.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ca4df15-4ecd-467c-a658-2352fca9a8ff.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 16339989f5c6c229a3dcc0ed1e52032f
a1ea26d6e4eb4a72cc8c87100b40035dab69d285
16703f888ee6f974bb89e1c4c16a75186b31b64130abcd1a3bcd3741159d912c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ca4df15-4ecd-467c-a658-2352fca9a8ff.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13437
x-amzn-requestid: ec801fbc-c339-46ce-ac5f-18d064e5ef21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmhi_HdeoAMFyOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4946-02b52b770e6e76cf52b26e47;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: Iesqk_XbGiZE-n3mTa1_1WtlXiyEqz-4qfyt3_609O1eujdLcFu3zA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 ece5d4a731ece5ff46c564ab2b946ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:47:25 GMT
age: 49509
etag: "a1ea26d6e4eb4a72cc8c87100b40035dab69d285"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e706a7ca51cd91bb00f8e3d31b6e0005
92b4ca2e474ecc44c455bb853a3078bf5bd3ae1d
1b10c86665080657cb3711f81ea96a414aee8abff99883c23987940fe93fd73a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc902aef-d39a-4522-af06-32745f1f98f1.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc902aef-d39a-4522-af06-32745f1f98f1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 54e5cb120b19e849a196a1ead868e4c4
15e26ce930dc747f058810837c47a4728efe0b75
a95640f974032f37a613af7648bd83697c72bb4ddf4a459e1393f7c9e8f926c3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc902aef-d39a-4522-af06-32745f1f98f1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6662
x-amzn-requestid: ea908895-144e-4211-8363-b721f2e4490a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmi9BFvFoAMF89A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4b86-1514f8460877c8c31b7136f9;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:41:26 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: cdG_-k3tyBdbZfZGbk-CD7ii8ZJ2EBr5kaUcvnEoyAmSR6PEdKhZmw==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:43:41 GMT
age: 49733
etag: "15e26ce930dc747f058810837c47a4728efe0b75"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38d969a0-82cd-4d27-8f25-f1b95cacc89f.webp
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38d969a0-82cd-4d27-8f25-f1b95cacc89f.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ed3fa86bbe319c9a2f81ff625e677cb0
e3d5210207f6ff922bc28e328285059c19a523a4
5919694bd942a4f25d5b7ffc3f8aee1af6cdb8461d4ba3dba9a2e72cf19164c8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38d969a0-82cd-4d27-8f25-f1b95cacc89f.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7261
x-amzn-requestid: e1bdf299-b29e-4f58-9c8a-33f5dacdb081
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmirBELYoAMFfgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4b13-1969b32c6f4f7e5749e7caa0;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:39:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: FO5iGJFmDfdklhzIVOxp4x3AV7ltFqBDDlYBz39Zzx99t7oykNR2WQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 a4479a6315f90864adc6175b280f8f44.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:43:40 GMT
age: 49734
etag: "e3d5210207f6ff922bc28e328285059c19a523a4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd58f1191-b279-4341-98b0-b5853ac04100.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd58f1191-b279-4341-98b0-b5853ac04100.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 90f323a3b73cab85abdce9b6631e8d93
36e42d12a193c90fbc03a7d13a1711f24bf6f2a2
259aecd4212d5c91c4eeb930d99e28ce420af50d987e93d99974f6db1127ff28
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd58f1191-b279-4341-98b0-b5853ac04100.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8351
x-amzn-requestid: 8e8e58e6-a6d5-41ef-8246-bb276b882852
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmihYGo2oAMFXYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4ad5-06b81112046a7b2b3b898a3d;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:38:29 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: kctKeNa9LqP47hiCMEj7tkJFZVjgLi0LEJD_gGsCTjJ5lF4RC-UvHA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 25b9a991f871f75614e7f92f97b136a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:07:00 GMT
age: 48334
etag: "36e42d12a193c90fbc03a7d13a1711f24bf6f2a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash bac04c5815c2eb20be45626da20433ec
e9df1f5adeaf79b569ed5b0c8711669dac48aea8
7adf6a38926ca2d07e45497ef7a763766006e2ca924434e267b6041fc4f253d1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
api.viglink.com/api/sync.js?key=74bad24252620514d1244cfba01f2ee2
52.214.137.185200 OK 43 B URL HTTP/1.1 api.viglink.com/api/sync.js?key=74bad24252620514d1244cfba01f2ee2
IP 52.214.137.185:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /api/sync.js?key=74bad24252620514d1244cfba01f2ee2 HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Content-Type: image/gif;charset=UTF-8
Date: Fri, 07 Oct 2022 11:32:34 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 43
Connection: keep-alive
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=1791947980.1665142353&jid=1249349050&gjid=1108725704&_gid=2083637392.1665142353&_u=YEBAAUAAAAAAACAAI~&z=514289915
173.194.73.154200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=1791947980.1665142353&jid=1249349050&gjid=1108725704&_gid=2083637392.1665142353&_u=YEBAAUAAAAAAACAAI~&z=514289915
IP 173.194.73.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=1791947980.1665142353&jid=1249349050&gjid=1108725704&_gid=2083637392.1665142353&_u=YEBAAUAAAAAAACAAI~&z=514289915 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://sha2awet3eyal.ahlamontada.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 07 Oct 2022 11:32:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
api.viglink.com/api/sync.gif?key=74bad24252620514d1244cfba01f2ee2
52.214.137.185200 OK 43 B URL HTTP/1.1 api.viglink.com/api/sync.gif?key=74bad24252620514d1244cfba01f2ee2
IP 52.214.137.185:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /api/sync.gif?key=74bad24252620514d1244cfba01f2ee2 HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Content-Type: image/gif;charset=UTF-8
Date: Fri, 07 Oct 2022 11:32:33 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 43
Connection: keep-alive
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.74200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.74:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash a6efbca90c217020b85f741e1a42a714
a5ac6e423a223c38217705734a0edc51edb02892
cc19ccf618599b8fcbf4e984c35eea7a0a11b5e7c574c88653a020203af261ba
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Fri, 07 Oct 2022 11:32:34 GMT
server: ESF
cache-control: private
content-length: 30843
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
trc.taboola.com/forumotion-ar/trc/3/json?tim=11%3A32%3A33.743<i=deflated&data=%7B%22id%22%3A535%2C%22ii%22%3A%22%2Ft252-topic%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1665078006190%2C%22vi%22%3A1665142353740%2C%22cv%22%3A%2220221006-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fsha2awet3eyal.ahlamontada.com%2Ft252-topic%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fsha2awet3eyal.ahlamontada.com%2Ft252-topic%22%2C%22vpi%22%3A%22%2Ft252-topic%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A5249%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A333.3999938964844%2C%22mw%22%3A0%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A5208.89990234375%2C%22mw%22%3A979.5999755859375%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ft252-topic%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
151.101.85.44200 OK 14 kB URL HTTP/2 trc.taboola.com/forumotion-ar/trc/3/json?tim=11%3A32%3A33.743<i=deflated&data=%7B%22id%22%3A535%2C%22ii%22%3A%22%2Ft252-topic%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1665078006190%2C%22vi%22%3A1665142353740%2C%22cv%22%3A%2220221006-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fsha2awet3eyal.ahlamontada.com%2Ft252-topic%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fsha2awet3eyal.ahlamontada.com%2Ft252-topic%22%2C%22vpi%22%3A%22%2Ft252-topic%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A5249%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A333.3999938964844%2C%22mw%22%3A0%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A5208.89990234375%2C%22mw%22%3A979.5999755859375%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ft252-topic%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
IP 151.101.85.44:0
File type Unicode text, UTF-8 text, with very long lines (46307), with no line terminators
Hash f42e5d5bfa8d922abaf6b605f3e307b5
3df3df6db5516aff3afe3f4e3c30a1250e143ffc
92156d35c2414c7eb87c50615a3384f0d38f8c27a1feb4d7a385409e54a94c78
GET /forumotion-ar/trc/3/json?tim=11%3A32%3A33.743<i=deflated&data=%7B%22id%22%3A535%2C%22ii%22%3A%22%2Ft252-topic%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1665078006190%2C%22vi%22%3A1665142353740%2C%22cv%22%3A%2220221006-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fsha2awet3eyal.ahlamontada.com%2Ft252-topic%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fsha2awet3eyal.ahlamontada.com%2Ft252-topic%22%2C%22vpi%22%3A%22%2Ft252-topic%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A5249%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A333.3999938964844%2C%22mw%22%3A0%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A5208.89990234375%2C%22mw%22%3A979.5999755859375%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ft252-topic%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://sha2awet3eyal.ahlamontada.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:34 GMT
via: 1.1 varnish
x-served-by: cache-bma1665-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1665142354.782348,VS0,VE447
vary: Accept-Encoding
x-vcl-time-ms: 447
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/userx.20221006-24-RELEASE.es6.js
151.101.85.44200 OK 5.4 kB URL HTTP/2 cdn.taboola.com/libtrc/userx.20221006-24-RELEASE.es6.js
IP 151.101.85.44:0
File type ASCII text, with very long lines (17842)
Hash df77280ed4b5d46ce09b244c63613d40
50d46371cb5323f69d64f87f2ab80a34ad352d1b
3563466e76c74b94cf9b8ead8bf18f7387705c59c392a52e24230698c01e97eb
GET /libtrc/userx.20221006-24-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 9vGctQz3EMTgTOUIv3mORpB9Rvzy1VFw27OTod1vqs5cmTr5HFS1TyxQ++Y/fYAtOFIXX6S7ou4=
x-amz-request-id: 22XMQJP2AZE25RHC
x-amz-replication-status: COMPLETED
last-modified: Thu, 06 Oct 2022 17:40:44 GMT
etag: "39801ec1cf77179e8d0ed9020756d4ca"
x-amz-version-id: Xho3jQc6ETeqM1SpMlkMc31ochb.sy2X
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:34 GMT
via: 1.1 varnish
age: 43
x-served-by: cache-bma1665-BMA
x-cache: HIT
x-cache-hits: 8
x-timer: S1665142355.522584,VS0,VE0
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 91
content-length: 5398
X-Firefox-Spdy: h2
vidstat.taboola.com/lite-unit/3.9.5/UnitWidgetItemDesktop.min.js
151.101.85.44200 OK 30 kB URL HTTP/2 vidstat.taboola.com/lite-unit/3.9.5/UnitWidgetItemDesktop.min.js
IP 151.101.85.44:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash a7b72a082fc5e3bc4aabbb79f73fb604
31cc6cd9b3dfbd31d24cd47dd2fcb29f5522822f
bf20590ab0b6486faa1a22e447f2ae149aa76742fd65fa43993646031d90a1e1
GET /lite-unit/3.9.5/UnitWidgetItemDesktop.min.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 13 Sep 2022 09:04:05 GMT
etag: "8b1ffbd4f9c44c447f9a11e92fbb9112"
server: AmazonS3
via: 1.1 828a61ebc3af4e0465a5577a4c08af7a.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: AfyrLxGlKNoXsjSvShOJ1QFm2rrv76iJaqEsgbMoQU-1oTsr3wJz-Q==
cache-control: public, max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:34 GMT
age: 2082466
x-served-by: cache-bma1665-BMA
x-cache: Hit from cloudfront, HIT
x-cache-hits: 62913
x-timer: S1665142355.524663,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 29884
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 1cecd042e106c70af7e8f0d9863ca3d9
fa94604e9e99c752d18708abcec8584a5eee66ea
3525f542ce5a72795646c2bba144333920f67f3e9938748f9d3bd3aff9ac496e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1791947980.1665142353&jid=1249349050&_u=YEBAAUAAAAAAACAAI~&z=1094381090
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1791947980.1665142353&jid=1249349050&_u=YEBAAUAAAAAAACAAI~&z=1094381090
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1791947980.1665142353&jid=1249349050&_u=YEBAAUAAAAAAACAAI~&z=1094381090 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 07 Oct 2022 11:32:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 1cecd042e106c70af7e8f0d9863ca3d9
fa94604e9e99c752d18708abcec8584a5eee66ea
3525f542ce5a72795646c2bba144333920f67f3e9938748f9d3bd3aff9ac496e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yt3.ggpht.com/ytc/AMLnZu_Ori0M3kwwb3myAiTkxBuO2Uc0LonoqTmvvbPT=s68-c-k-c0x00ffffff-no-rj
142.250.74.161200 OK 2.5 kB URL HTTP/2 yt3.ggpht.com/ytc/AMLnZu_Ori0M3kwwb3myAiTkxBuO2Uc0LonoqTmvvbPT=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 68x68, components 3\012- data
Hash 63a8fb44763e34bd8178b5486d89e86c
f8e2553c59657b08e97d3a4140daf5f40afcd49f
1548eba77f7cb46e3f7c391b5ff2f6e572ca556ddc56f0c0595fec6cbef1704f
GET /ytc/AMLnZu_Ori0M3kwwb3myAiTkxBuO2Uc0LonoqTmvvbPT=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v7"
expires: Sat, 08 Oct 2022 11:32:34 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Fri, 07 Oct 2022 11:32:34 GMT
server: fife
content-length: 2499
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e706a7ca51cd91bb00f8e3d31b6e0005
92b4ca2e474ecc44c455bb853a3078bf5bd3ae1d
1b10c86665080657cb3711f81ea96a414aee8abff99883c23987940fe93fd73a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
15.taboola.com/tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fsha2awet3eyal.ahlamontada.com%2Ft252-topic&encoded=1&uid=6315d2d1-0a46-4503-9433-63f55f9f40cb-tucta3993d1&variant=0|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1665142354521&tagid=&cntry=NO&platform=1&sesid=b85510a2fc82069fd2ae68a323d411a4&itemid=/t252-topic&viewid=1665142353740&geolat=&geoing=&deviceifa=&appid=&sd=v2_b85510a2fc82069fd2ae68a323d411a4_6315d2d1-0a46-4503-9433-63f55f9f40cb-tucta3993d1_1665142353_1665142353_CNawjgYQ3pxDGMze35G7MCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABo_9iV8p6d99_dAXAA&ri=478167a1a3cc4bd8942d19b3fb0efad1&appname=&cdb=&gdprApplies=true&rid=&sii=-1517097255915181270&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=8711
151.101.85.44200 OK 40 kB URL HTTP/2 15.taboola.com/tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fsha2awet3eyal.ahlamontada.com%2Ft252-topic&encoded=1&uid=6315d2d1-0a46-4503-9433-63f55f9f40cb-tucta3993d1&variant=0|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1665142354521&tagid=&cntry=NO&platform=1&sesid=b85510a2fc82069fd2ae68a323d411a4&itemid=/t252-topic&viewid=1665142353740&geolat=&geoing=&deviceifa=&appid=&sd=v2_b85510a2fc82069fd2ae68a323d411a4_6315d2d1-0a46-4503-9433-63f55f9f40cb-tucta3993d1_1665142353_1665142353_CNawjgYQ3pxDGMze35G7MCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABo_9iV8p6d99_dAXAA&ri=478167a1a3cc4bd8942d19b3fb0efad1&appname=&cdb=&gdprApplies=true&rid=&sii=-1517097255915181270&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=8711
IP 151.101.85.44:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash c076fcb69aff01295577c8313dad70f5
ea09317fc9e4001f11b4b61c6600448c1cacc8d9
2bb77056711bdb17778c37a14e2b9e6fc5f807a9fd2c3360f2fcd4aa29de70b9
GET /tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fsha2awet3eyal.ahlamontada.com%2Ft252-topic&encoded=1&uid=6315d2d1-0a46-4503-9433-63f55f9f40cb-tucta3993d1&variant=0|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1665142354521&tagid=&cntry=NO&platform=1&sesid=b85510a2fc82069fd2ae68a323d411a4&itemid=/t252-topic&viewid=1665142353740&geolat=&geoing=&deviceifa=&appid=&sd=v2_b85510a2fc82069fd2ae68a323d411a4_6315d2d1-0a46-4503-9433-63f55f9f40cb-tucta3993d1_1665142353_1665142353_CNawjgYQ3pxDGMze35G7MCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABo_9iV8p6d99_dAXAA&ri=478167a1a3cc4bd8942d19b3fb0efad1&appname=&cdb=&gdprApplies=true&rid=&sii=-1517097255915181270&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=8711 HTTP/1.1
Host: 15.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
machineid: 1403
link: <https://am-wf.taboola.com>; rel=preconnect
xvid-debug: mrmr - :
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://sha2awet3eyal.ahlamontada.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:34 GMT
via: 1.1 varnish
x-served-by: cache-bma1665-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1665142355.552575,VS0,VE31
vary: Accept-Encoding
X-Firefox-Spdy: h2
api.viglink.com/api/domains
52.214.137.185200 OK 41 B URL HTTP/1.1 api.viglink.com/api/domains
IP 52.214.137.185:0
File type ASCII text, with no line terminators
Hash 766b38b3480e2edcdb418c1998e3a10f
95baf823b6ad526ef80244921b51faa2cbc02d5f
d237bb615324286ed256d8b017e5dce64bf7b3f6f81657d2186b6f69f54296fd
POST /api/domains HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 266
Origin: https://sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://sha2awet3eyal.ahlamontada.com
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Fri, 07 Oct 2022 11:32:34 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 41
Connection: keep-alive
bidder.criteo.com/csm/events
178.250.0.165204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP 178.250.0.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 373
Origin: https://sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 07 Oct 2022 11:32:34 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://sha2awet3eyal.ahlamontada.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=ahlamontada.com&sn=FirefoxSyncframe&so=0&topUrl=sha2awet3eyal.ahlamontada.com&info=Fkyr5l80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlFaFZ5RnFxRFJvd20yQXZNb2U0a0dIa045TWJ4cEFUbjhQZlhYZGJUblI&idsd=-1244788209,-1379009161&cw=1&lsw=1
178.250.0.157200 OK 12 kB URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=ahlamontada.com&sn=FirefoxSyncframe&so=0&topUrl=sha2awet3eyal.ahlamontada.com&info=Fkyr5l80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlFaFZ5RnFxRFJvd20yQXZNb2U0a0dIa045TWJ4cEFUbjhQZlhYZGJUblI&idsd=-1244788209,-1379009161&cw=1&lsw=1
IP 178.250.0.157:0
Hash 57471a36c9df9826cbd4384426e3f658
4d5c1bf19e631f04c864bc4e3c7277570a6acb9b
914dff832ef906a655c441bd4d2f42d5f76dbde8214395fba111b6a1d545e895
GET /sid/json?origin=publishertag&domain=ahlamontada.com&sn=FirefoxSyncframe&so=0&topUrl=sha2awet3eyal.ahlamontada.com&info=Fkyr5l80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlFaFZ5RnFxRFJvd20yQXZNb2U0a0dIa045TWJ4cEFUbjhQZlhYZGJUblI&idsd=-1244788209,-1379009161&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:34 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 977815
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A32%3A34.726&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=67&cv=20221006-24-RELEASE<=deflated&pct=1
185.106.33.48204 No Content 0 B URL HTTP/2 il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A32%3A34.726&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=67&cv=20221006-24-RELEASE<=deflated&pct=1
IP 185.106.33.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=11%3A32%3A34.726&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=67&cv=20221006-24-RELEASE<=deflated&pct=1 HTTP/1.1
Host: il-trc-events.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Fri, 07 Oct 2022 11:32:35 GMT
x-fastly-to-nlb-rtt: 77143
access-control-allow-credentials: true
X-Firefox-Spdy: h2
stootsou.net/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://sha2awet3eyal.ahlamontada.com/
Origin: https://sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 11:32:35 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://sha2awet3eyal.ahlamontada.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
stootsou.net/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://sha2awet3eyal.ahlamontada.com/
Origin: https://sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 11:32:35 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://sha2awet3eyal.ahlamontada.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
stootsou.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sha2awet3eyal.ahlamontada.com/
Content-Type: application/json
Origin: https://sha2awet3eyal.ahlamontada.com
Content-Length: 405
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 11:32:35 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 2549a5f163f580703765790e9883db69
access-control-allow-origin: https://sha2awet3eyal.ahlamontada.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
stootsou.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sha2awet3eyal.ahlamontada.com/
Content-Type: application/json
Origin: https://sha2awet3eyal.ahlamontada.com
Content-Length: 789
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 11:32:35 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: f9bbcb45636df201e8830b8787fa8168
access-control-allow-origin: https://sha2awet3eyal.ahlamontada.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1353103534__geKqXJBe.jpg
151.101.85.44200 OK 4.3 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1353103534__geKqXJBe.jpg
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash cb6a84ef4d85d190e64e9c5441c0e5d9
9249ec071223f61c5c1f8106f383e13ea5a3f348
54fb09a8d5dc1786e5eae3bdcbdda702bc9736b131ec3700b71d407d9ef4b89c
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1353103534__geKqXJBe.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 333797471199571061151474758417713503611,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 333797471199571061151474758417713503611,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "78723bf82545d5412fd840fd18921b2c"
last-modified: Mon, 19 Sep 2022 14:19:32 GMT
req-referer: https://mojafirma.infor.pl/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 369b0f495eca5348909e24ac219a86c6
x-envoy-upstream-service-time: 604
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:35 GMT
age: 1386828
x-served-by: cache-iad-kjyo7100033-IAD, cache-iad-kjyo7100064-IAD, cache-sna10730-LGB, cache-iad-kjyo7100144-IAD, cache-bma1665-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 1, 1
x-timer: S1665142355.232257,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1353103534__geKqXJBe.jpg
x-vcl-time-ms: 1
content-length: 4320
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/73124f283ea6c04e597b5b0f2ea1f094.jpg
151.101.85.44200 OK 14 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/73124f283ea6c04e597b5b0f2ea1f094.jpg
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 5018d8c558a346582cddd960108a66db
db997b83130b60b30ee3d18f4373a1bb8c78837b
0a5bef1a711762a207b71266e05ee0bfd107bd5d063109f6379d7d075acdfec4
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/73124f283ea6c04e597b5b0f2ea1f094.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 474078088037579050752232479825912579972,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 474078088037579050752232479825912579972,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "bfe09257a5faa90a160acfa595f8a146"
expiration: expiry-date="Fri, 26 Aug 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Tue, 26 Jul 2022 01:49:47 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 61
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:35 GMT
age: 5658412
x-served-by: cache-iad-kjyo7100161-IAD, cache-iad-kcgs7200144-IAD, cache-lga21929-LGA, cache-iad-kcgs7200060-IAD, cache-bma1665-BMA
x-cache: MISS, MISS, HIT, HIT, HIT
x-cache-hits: 0, 0, 1, 1, 1
x-timer: S1665142355.232337,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/73124f283ea6c04e597b5b0f2ea1f094.jpg
x-vcl-time-ms: 1
content-length: 13460
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f9782a703938d25eeaa13c6976d149ea.jpeg
151.101.85.44200 OK 7.8 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f9782a703938d25eeaa13c6976d149ea.jpeg
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 46d8908b2791746e5870faa08a17c54f
a33df58e89b0dab1d6bba0a60e33ca3494ea58cf
bcf3d34dedb9f8386ebbe0a76fb51d657ec35c4ce2e3d2001d1e248dd34906d4
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f9782a703938d25eeaa13c6976d149ea.jpeg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 510352782764538004332553421493634350821,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 510352782764538004332553421493634350821,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "30dd6d9294129c52ca8d09c2df99e8bf"
expiration: expiry-date="Wed, 21 Sep 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Sun, 21 Aug 2022 08:12:40 GMT
req-referer: https://mamul.am/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 168
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:35 GMT
age: 1426364
x-served-by: cache-iad-kiad7000065-IAD, cache-iad-kcgs7200169-IAD, cache-bur-kbur8200067-BUR, cache-iad-kcgs7200132-IAD, cache-bma1665-BMA
x-cache: MISS, MISS, HIT, MISS, HIT
x-cache-hits: 0, 0, 1, 0, 1
x-timer: S1665142355.232558,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f9782a703938d25eeaa13c6976d149ea.jpeg
x-vcl-time-ms: 1
content-length: 7840
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f55/15/01/00/96/x1010.gif
151.101.85.44200 OK 4.9 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f55/15/01/00/96/x1010.gif
IP 151.101.85.44:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 220x184, components 3\012- data
Hash b289f8e1c6889beac0f1664c17a92fa8
ede3233b212e07f5f42f1fa15b34311ea89e9092
f3b029d2c3fb5f562ba5159a6e8174cde56c4d32f83ec88c7888663bc4ab3205
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f55/15/01/00/96/x1010.gif HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 574731196228743971934801897732286999556,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
content-type: image/jpeg
edge-cache-tag: 574731196228743971934801897732286999556,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "b289f8e1c6889beac0f1664c17a92fa8"
last-modified: Wed, 05 Oct 2022 23:11:11 GMT
server: cloudinary
status: 200 OK
timing-allow-origin: *
x-request-id: ec1e174c2de63774088c6581fa8322b9
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-backend-name: CLOUDINARY:3FP7YNX3LMizprTZsG7BSW--F_addr_taboola_res_cloudinary_com
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:35 GMT
age: 130411
x-served-by: cache-iad-kcgs7200101-IAD, cache-iad-kjyo7100142-IAD, cache-bma1665-BMA
x-cache: MISS, HIT, HIT
x-cache-hits: 0, 16, 1
x-timer: S1665142355.232770,VS0,VE2
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f55/15/01/00/96/x1010.gif
x-vcl-time-ms: 2
content-length: 4920
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f87/13/67/49/60/new_im10.gif
151.101.85.44200 OK 26 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f87/13/67/49/60/new_im10.gif
IP 151.101.85.44:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 220x184, components 3\012- data
Hash 11f14d24f96a09eedae54e66339a2fb1
94a9c78d8f9dbfb0810e5a7838cb02f371701487
ce3346f5178fdd698d97c0618905157d20cb8650e603c1cced92b06f7656d53e
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f87/13/67/49/60/new_im10.gif HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 382400083099202222357128551991304548277,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
content-type: image/jpeg
edge-cache-tag: 382400083099202222357128551991304548277,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
etag: "11f14d24f96a09eedae54e66339a2fb1"
last-modified: Sun, 02 Oct 2022 15:20:11 GMT
server: cloudinary
status: 200 OK
timing-allow-origin: *
x-request-id: 5e7679a4e32664c52c821a0825c03fa7
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-backend-name: CLOUDINARY:3FP7YNX3LMizprTZsG7BSW--F_addr_taboola_res_cloudinary_com
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:35 GMT
age: 190201
x-served-by: cache-iad-kcgs7200079-IAD, cache-iad-kcgs7200152-IAD, cache-bma1665-BMA
x-cache: MISS, HIT, MISS
x-cache-hits: 0, 9, 0
x-timer: S1665142355.222151,VS0,VE91
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f87/13/67/49/60/new_im10.gif
x-vcl-time-ms: 91
content-length: 25534
X-Firefox-Spdy: h2
am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7Az0CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOFa2TaW4WKtspg2a9HEZXNLDDPXWuGYuWy74ci5ma2GQBKulW1jGS7WKotpsxZNXDa3xDBzrRWOmcu2G46cm9lqChE3GQ6fg4Go6Hpb7A6n2fMGGDSdDp_rXq85OiwL38v0WTkfZrvCaHa4_XbTw-Swa_xuv-iymqxFf8PTYwcAAACAh____38IAAAAgAgAAAAACQAAAACKgIp_C4ELAAAAAIz___9_DYBPDoL3nP3-AAAAAAABAAAAIAEYWA0oAfg4Xzn5_________48ZoM-8kfn___-_MegBePABeBACAAC4GGpc1QpxSe3GJyqYLGIEAAAAsKWlonk0qRMqi6r___9-K4ArAICAQdmb9-ss3UGJtzAAAICAsQV6WPx-s8Ou8btd9v________9v9n_2jyb0NnqdFsQyeq32CwgAsPYLCADApm4AAG8BcEEXAKtTiN1wttiNZpvR7AAAAADu_v____VAxLhaLQYLy8xjnAxmy5nJsnDZhgvPZDMyLRYL0_aYLXzACXlSLvsibjIcPgcDUdH1ttgdTrPnfhQtWe6Wu9VoshiNlsvNbrgZDfYnkLMBUrRksVoOV7vJYrRZLCbL3XA0mSBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwthmsRpZRo61YGGarUWrwWatHG02a9lm5lrNnDPTYGNxi14f08OzXG5Gji0KBmzsRfK0SCcqz8S22DiWw-FkN7G5Ji7TajiajSaGjcmyWFiWE7FEc7JIJ7LLvmJcrRaDhWXmMU4Gs-XMZFm4bMOFZ7IZmRaLhWlf2yxWI8vIsRYsTLO1aDXYrJWjzWYt28xcq5lzZhpsLG7R62N6eJbLzcixb8xmq8Vosllt9o3ZbLUYTTarzb5DZ_iuPmejMzieeGzqy7Pa8dYcBoXLYPH-PhdpM9q4GVXasMWiuhZ3rolVp42djJ2D2aDw_c2lrTi4jZzLfclBbDAoYongIp3I_JbX2296-u1uheUilihNF-lEL7qsJmvR3_D0WMQSwekinYhextNF_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4WqdBzJYDnbL1XIBIJy9dH8-CQC7sdRwdtXlYSrW6FZVihs_bjC_5fX2m55-u1thuTLAAzU58-bPBLFWq2UNAAAggA0AABDArZu3AGwm_v___z8OAABARo4eAABAfB8IKvrIlUIvnJ8Ad4vFAA!&cmcv=&pix=31589837&cb=1665142355439&uv=3230&tms=1665142355439&abt=dfrc_vB!id5mc_vA!mprdctdt6_vA!Noappq22_vC!smbs!spa2_vB!t45!t45!tfl1_vA!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1665142351378!ts:1665142355439&mntl=1
141.226.228.48200 OK 0 B URL HTTP/2 am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7Az0CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOFa2TaW4WKtspg2a9HEZXNLDDPXWuGYuWy74ci5ma2GQBKulW1jGS7WKotpsxZNXDa3xDBzrRWOmcu2G46cm9lqChE3GQ6fg4Go6Hpb7A6n2fMGGDSdDp_rXq85OiwL38v0WTkfZrvCaHa4_XbTw-Swa_xuv-iymqxFf8PTYwcAAACAh____38IAAAAgAgAAAAACQAAAACKgIp_C4ELAAAAAIz___9_DYBPDoL3nP3-AAAAAAABAAAAIAEYWA0oAfg4Xzn5_________48ZoM-8kfn___-_MegBePABeBACAAC4GGpc1QpxSe3GJyqYLGIEAAAAsKWlonk0qRMqi6r___9-K4ArAICAQdmb9-ss3UGJtzAAAICAsQV6WPx-s8Ou8btd9v________9v9n_2jyb0NnqdFsQyeq32CwgAsPYLCADApm4AAG8BcEEXAKtTiN1wttiNZpvR7AAAAADu_v____VAxLhaLQYLy8xjnAxmy5nJsnDZhgvPZDMyLRYL0_aYLXzACXlSLvsibjIcPgcDUdH1ttgdTrPnfhQtWe6Wu9VoshiNlsvNbrgZDfYnkLMBUrRksVoOV7vJYrRZLCbL3XA0mSBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwthmsRpZRo61YGGarUWrwWatHG02a9lm5lrNnDPTYGNxi14f08OzXG5Gji0KBmzsRfK0SCcqz8S22DiWw-FkN7G5Ji7TajiajSaGjcmyWFiWE7FEc7JIJ7LLvmJcrRaDhWXmMU4Gs-XMZFm4bMOFZ7IZmRaLhWlf2yxWI8vIsRYsTLO1aDXYrJWjzWYt28xcq5lzZhpsLG7R62N6eJbLzcixb8xmq8Vosllt9o3ZbLUYTTarzb5DZ_iuPmejMzieeGzqy7Pa8dYcBoXLYPH-PhdpM9q4GVXasMWiuhZ3rolVp42djJ2D2aDw_c2lrTi4jZzLfclBbDAoYongIp3I_JbX2296-u1uheUilihNF-lEL7qsJmvR3_D0WMQSwekinYhextNF_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4WqdBzJYDnbL1XIBIJy9dH8-CQC7sdRwdtXlYSrW6FZVihs_bjC_5fX2m55-u1thuTLAAzU58-bPBLFWq2UNAAAggA0AABDArZu3AGwm_v___z8OAABARo4eAABAfB8IKvrIlUIvnJ8Ad4vFAA!&cmcv=&pix=31589837&cb=1665142355439&uv=3230&tms=1665142355439&abt=dfrc_vB!id5mc_vA!mprdctdt6_vA!Noappq22_vC!smbs!spa2_vB!t45!t45!tfl1_vA!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1665142351378!ts:1665142355439&mntl=1
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7Az0CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOFa2TaW4WKtspg2a9HEZXNLDDPXWuGYuWy74ci5ma2GQBKulW1jGS7WKotpsxZNXDa3xDBzrRWOmcu2G46cm9lqChE3GQ6fg4Go6Hpb7A6n2fMGGDSdDp_rXq85OiwL38v0WTkfZrvCaHa4_XbTw-Swa_xuv-iymqxFf8PTYwcAAACAh____38IAAAAgAgAAAAACQAAAACKgIp_C4ELAAAAAIz___9_DYBPDoL3nP3-AAAAAAABAAAAIAEYWA0oAfg4Xzn5_________48ZoM-8kfn___-_MegBePABeBACAAC4GGpc1QpxSe3GJyqYLGIEAAAAsKWlonk0qRMqi6r___9-K4ArAICAQdmb9-ss3UGJtzAAAICAsQV6WPx-s8Ou8btd9v________9v9n_2jyb0NnqdFsQyeq32CwgAsPYLCADApm4AAG8BcEEXAKtTiN1wttiNZpvR7AAAAADu_v____VAxLhaLQYLy8xjnAxmy5nJsnDZhgvPZDMyLRYL0_aYLXzACXlSLvsibjIcPgcDUdH1ttgdTrPnfhQtWe6Wu9VoshiNlsvNbrgZDfYnkLMBUrRksVoOV7vJYrRZLCbL3XA0mSBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwthmsRpZRo61YGGarUWrwWatHG02a9lm5lrNnDPTYGNxi14f08OzXG5Gji0KBmzsRfK0SCcqz8S22DiWw-FkN7G5Ji7TajiajSaGjcmyWFiWE7FEc7JIJ7LLvmJcrRaDhWXmMU4Gs-XMZFm4bMOFZ7IZmRaLhWlf2yxWI8vIsRYsTLO1aDXYrJWjzWYt28xcq5lzZhpsLG7R62N6eJbLzcixb8xmq8Vosllt9o3ZbLUYTTarzb5DZ_iuPmejMzieeGzqy7Pa8dYcBoXLYPH-PhdpM9q4GVXasMWiuhZ3rolVp42djJ2D2aDw_c2lrTi4jZzLfclBbDAoYongIp3I_JbX2296-u1uheUilihNF-lEL7qsJmvR3_D0WMQSwekinYhextNF_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4WqdBzJYDnbL1XIBIJy9dH8-CQC7sdRwdtXlYSrW6FZVihs_bjC_5fX2m55-u1thuTLAAzU58-bPBLFWq2UNAAAggA0AABDArZu3AGwm_v___z8OAABARo4eAABAfB8IKvrIlUIvnJ8Ad4vFAA!&cmcv=&pix=31589837&cb=1665142355439&uv=3230&tms=1665142355439&abt=dfrc_vB!id5mc_vA!mprdctdt6_vA!Noappq22_vC!smbs!spa2_vB!t45!t45!tfl1_vA!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1665142351378!ts:1665142355439&mntl=1 HTTP/1.1
Host: am-vid-events.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 11:32:35 GMT
content-length: 0
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157200 OK 15 kB IP 178.250.0.157:0
Hash 69493339aef18503e006c21619050a81
32ee874ab27e8a3df6720bad9c8a56c3f324cc0c
b67484fe8b9557ef7d0eee6c452949797ff1ad70e4b20b69ff0005755e0d37dd
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=Fkyr5l80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlFaFZ5RnFxRFJvd20yQXZNb2U0a0dIa045TWJ4cEFUbjhQZlhYZGJUblI
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:35 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=AJqZ5V80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlFaFZ5RnFxRFJvd20yQXZNb2U0a0V2b1JrVjVTUGpVYTFTMGFIakpPTWs; expires=Wed, 01 Nov 2023 11:32:35 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 265770
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7xf4CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOEarVwbi28ts9lMa9HCt1grHCuHW2KYWFyD1W4zcjiGQCLLkcWyW47citnIsxYNVra1xDPyuHWrhcu0mJk8lo1zCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjfAoOl0-Fz3es3RYVn4XqbPyvkw2xVGs8Ptt5seJodd43f7RZfVZC36G54eOwAAAAA8AFi9ZUL8AAIARAAAAABIAAAAAFAEVPxbCFwAAAAAYAAYkFxoAHxyELzn7PcHAECDFggAQIAACcDAakAJwMf5ygkAAAAAAAAAAMv___9_DMAe1pgMwMj-Tg_Agw_AA1HBXhEjAAAAgC0tFc2jSZ1QWVQBABCkWwFcAQAEDMreyAeGAQAABIwt0MPi95sddo3f7TIAAAAAAAAAALP_s380obfR67QgltFrtV9AAIC1X0AAADZ1AwB4C4ALugBYnULshrPFbjTbjGYHAAAAcPf___-vByLG1WoxWFhmHuNkMFvOTJaFyzZceCabkWmxWJi2x2zhA07Ik3LZ5yEss993ELE8X9PfcJDxLa-3QVR0vS12h9PsuR9FS5a75W41mixGo-VysxtuRoP9CeRsgBQtWayWw9VushhtFovJcjccTSZI0ZLVcrlcbTar1W60mA02y-FmgxStWs1Gm8FwNZvMdrvVcDBcjkZI0ZLlbrlbjSaL0Wi53OyGm9FgiDC2WaxGlpFjLViYZmvRarBZK0ebzVq2mblWM-fMNNhY3KLXx_TwLJebkWOLggEbexFcpBOZ3_J6-01Pv92tsFzEEs3JIp3ILvuKcbVaDBaWmcc4GcyWM5Nl4bINF57JZmRaLBamfW2zWI0sI8dasDDN1qLVYLNWjjabtWwzc61mzplpsLG4Ra-P6eFZLjcjx74xm60Wo8lmtdk3ZrPVYjTZrDb7Dp3hu_qcjc7geOKxqS_PasdbcxgULoPF-_tcpM1o42ZUacMWi-pa3LkmVp02djJ2DmaDwvc3l7bi4DZyLvclB7HBoIglgtNFOhG9jKeLWCJ5WqQT0W64mO0WjoVn4zFNTMblaDJyLCeemcWwsjlMjolYojRdpBO96LKarEV_w9NjUf-RIRdz5WAumswVq9EqAQAAAAAAAAAsYc68CQAAAMBpIKPBZrhaLgCEs5fuzycBYDeWGs6uujxMxRrdqkpx48cN5re83n7T0293KyxXBnigJmfe7Jkg1mq1rAEAAASwAQAAArh18xaAzcjtA0HZmJmZmZnxE-BusRg!&cmcv=&pix=31589837&cb=1665142355528&uv=3230&tms=1665142355528&abt=dfrc_vB!id5mc_vA!mprdctdt6_vA!Noappq22_vC!smbs!spa2_vB!t45!t45!tfl1_vA!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1665142351378!ts:1665142355528&mntl=1
141.226.228.48200 OK 0 B URL HTTP/2 am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7xf4CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOEarVwbi28ts9lMa9HCt1grHCuHW2KYWFyD1W4zcjiGQCLLkcWyW47citnIsxYNVra1xDPyuHWrhcu0mJk8lo1zCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjfAoOl0-Fz3es3RYVn4XqbPyvkw2xVGs8Ptt5seJodd43f7RZfVZC36G54eOwAAAAA8AFi9ZUL8AAIARAAAAABIAAAAAFAEVPxbCFwAAAAAYAAYkFxoAHxyELzn7PcHAECDFggAQIAACcDAakAJwMf5ygkAAAAAAAAAAMv___9_DMAe1pgMwMj-Tg_Agw_AA1HBXhEjAAAAgC0tFc2jSZ1QWVQBABCkWwFcAQAEDMreyAeGAQAABIwt0MPi95sddo3f7TIAAAAAAAAAALP_s380obfR67QgltFrtV9AAIC1X0AAADZ1AwB4C4ALugBYnULshrPFbjTbjGYHAAAAcPf___-vByLG1WoxWFhmHuNkMFvOTJaFyzZceCabkWmxWJi2x2zhA07Ik3LZ5yEss993ELE8X9PfcJDxLa-3QVR0vS12h9PsuR9FS5a75W41mixGo-VysxtuRoP9CeRsgBQtWayWw9VushhtFovJcjccTSZI0ZLVcrlcbTar1W60mA02y-FmgxStWs1Gm8FwNZvMdrvVcDBcjkZI0ZLlbrlbjSaL0Wi53OyGm9FgiDC2WaxGlpFjLViYZmvRarBZK0ebzVq2mblWM-fMNNhY3KLXx_TwLJebkWOLggEbexFcpBOZ3_J6-01Pv92tsFzEEs3JIp3ILvuKcbVaDBaWmcc4GcyWM5Nl4bINF57JZmRaLBamfW2zWI0sI8dasDDN1qLVYLNWjjabtWwzc61mzplpsLG4Ra-P6eFZLjcjx74xm60Wo8lmtdk3ZrPVYjTZrDb7Dp3hu_qcjc7geOKxqS_PasdbcxgULoPF-_tcpM1o42ZUacMWi-pa3LkmVp02djJ2DmaDwvc3l7bi4DZyLvclB7HBoIglgtNFOhG9jKeLWCJ5WqQT0W64mO0WjoVn4zFNTMblaDJyLCeemcWwsjlMjolYojRdpBO96LKarEV_w9NjUf-RIRdz5WAumswVq9EqAQAAAAAAAAAsYc68CQAAAMBpIKPBZrhaLgCEs5fuzycBYDeWGs6uujxMxRrdqkpx48cN5re83n7T0293KyxXBnigJmfe7Jkg1mq1rAEAAASwAQAAArh18xaAzcjtA0HZmJmZmZnxE-BusRg!&cmcv=&pix=31589837&cb=1665142355528&uv=3230&tms=1665142355528&abt=dfrc_vB!id5mc_vA!mprdctdt6_vA!Noappq22_vC!smbs!spa2_vB!t45!t45!tfl1_vA!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1665142351378!ts:1665142355528&mntl=1
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7xf4CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOEarVwbi28ts9lMa9HCt1grHCuHW2KYWFyD1W4zcjiGQCLLkcWyW47citnIsxYNVra1xDPyuHWrhcu0mJk8lo1zCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjfAoOl0-Fz3es3RYVn4XqbPyvkw2xVGs8Ptt5seJodd43f7RZfVZC36G54eOwAAAAA8AFi9ZUL8AAIARAAAAABIAAAAAFAEVPxbCFwAAAAAYAAYkFxoAHxyELzn7PcHAECDFggAQIAACcDAakAJwMf5ygkAAAAAAAAAAMv___9_DMAe1pgMwMj-Tg_Agw_AA1HBXhEjAAAAgC0tFc2jSZ1QWVQBABCkWwFcAQAEDMreyAeGAQAABIwt0MPi95sddo3f7TIAAAAAAAAAALP_s380obfR67QgltFrtV9AAIC1X0AAADZ1AwB4C4ALugBYnULshrPFbjTbjGYHAAAAcPf___-vByLG1WoxWFhmHuNkMFvOTJaFyzZceCabkWmxWJi2x2zhA07Ik3LZ5yEss993ELE8X9PfcJDxLa-3QVR0vS12h9PsuR9FS5a75W41mixGo-VysxtuRoP9CeRsgBQtWayWw9VushhtFovJcjccTSZI0ZLVcrlcbTar1W60mA02y-FmgxStWs1Gm8FwNZvMdrvVcDBcjkZI0ZLlbrlbjSaL0Wi53OyGm9FgiDC2WaxGlpFjLViYZmvRarBZK0ebzVq2mblWM-fMNNhY3KLXx_TwLJebkWOLggEbexFcpBOZ3_J6-01Pv92tsFzEEs3JIp3ILvuKcbVaDBaWmcc4GcyWM5Nl4bINF57JZmRaLBamfW2zWI0sI8dasDDN1qLVYLNWjjabtWwzc61mzplpsLG4Ra-P6eFZLjcjx74xm60Wo8lmtdk3ZrPVYjTZrDb7Dp3hu_qcjc7geOKxqS_PasdbcxgULoPF-_tcpM1o42ZUacMWi-pa3LkmVp02djJ2DmaDwvc3l7bi4DZyLvclB7HBoIglgtNFOhG9jKeLWCJ5WqQT0W64mO0WjoVn4zFNTMblaDJyLCeemcWwsjlMjolYojRdpBO96LKarEV_w9NjUf-RIRdz5WAumswVq9EqAQAAAAAAAAAsYc68CQAAAMBpIKPBZrhaLgCEs5fuzycBYDeWGs6uujxMxRrdqkpx48cN5re83n7T0293KyxXBnigJmfe7Jkg1mq1rAEAAASwAQAAArh18xaAzcjtA0HZmJmZmZnxE-BusRg!&cmcv=&pix=31589837&cb=1665142355528&uv=3230&tms=1665142355528&abt=dfrc_vB!id5mc_vA!mprdctdt6_vA!Noappq22_vC!smbs!spa2_vB!t45!t45!tfl1_vA!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1665142351378!ts:1665142355528&mntl=1 HTTP/1.1
Host: am-vid-events.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 11:32:35 GMT
content-length: 0
X-Firefox-Spdy: h2
api.viglink.com/api/domains
52.214.137.185200 OK 42 B URL HTTP/1.1 api.viglink.com/api/domains
IP 52.214.137.185:0
File type ASCII text, with no line terminators
Hash a1e0ca5b704a12b75a82ac0dcc2402e9
a4e89a700ba0644e491cd48f1c8165b4c4035435
d0a8c61584c320699ba9622039c6ae491188d0e68bc22836cac71f52336172c6
POST /api/domains HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 339
Origin: https://sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://sha2awet3eyal.ahlamontada.com
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Fri, 07 Oct 2022 11:32:35 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 42
Connection: keep-alive
vidstat.taboola.com/vpaid/units/32_3_0/assets/css/cmOsUnit.css
151.101.85.44200 OK 8.3 kB URL HTTP/2 vidstat.taboola.com/vpaid/units/32_3_0/assets/css/cmOsUnit.css
IP 151.101.85.44:0
Hash a28320a69408adba1f01f56d6eb80708
8012c7108fab547cf31481cfda7cb49e654a0542
befbb274b7045e7e5791a4badbe46e1a2e367e6570da7cd0ac127acc4b8e8991
GET /vpaid/units/32_3_0/assets/css/cmOsUnit.css HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 0GqLaJTEoq08w5K50fWnlIkmwRUDC7J31N0fV9+A4Z6KszF9Z1W8ZNtpYCwSbihwX1C1LBMzRhQ=
x-amz-request-id: EA4A1MTNA1QRKAVQ
last-modified: Sat, 24 Sep 2022 09:07:48 GMT
etag: "a28320a69408adba1f01f56d6eb80708"
x-amz-meta-ctime: 1664010467
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1664010467
content-type: text/css
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:35 GMT
via: 1.1 varnish
age: 1131758
x-served-by: cache-bma1665-BMA
x-cache: HIT
x-cache-hits: 205401
x-timer: S1665142356.612895,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 8297
X-Firefox-Spdy: h2
am-match.taboola.com/sync?dast=V7xf4CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOEarVwbi28ts9lMa9HCt1grHCuHW2KYWFyD1W4zcjiGQCLLkcWyW47citnIsxYNVra1xDPyuHWrhcu0mJk8lo1zCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjfAoOl0-Fz3es3RYVn4XqbPyvkw2xVGs8Ptt5seJodd43f7RZfVZC36G54eOwAAAAA8AFi9ZUL8AAIARAAAAABIAAAAAFAEVPxbCFwAAAAAYAAYkFxoAHxyELzn7PcHAECDFggAQIAACcDAakAJwMf5ygkAAAAAAAAAAMv___9_DMAe1pgMwMj-Tg_Agw_AA1HBXhEjAAAAgC0tFc2jSZ1QWVQBABCkWwFcAQAEDMreyAeGAQAABIwt0MPi95sddo3f7TIAAAAAAAAAALP_s380obfR67QgltFrtV9AAIC1X0AAADZ1AwB4C4ALugBYnULshrPFbjTbjGYHAAAAcPf___-vByLG1WoxWFhmHuNkMFvOTJaFyzZceCabkWmxWJi2x2zhA07Ik3LZ5yEss993ELE8X9PfcJDxLa-3QVR0vS12h9PsuR9FS5a75W41mixGo-VysxtuRoP9CeRsgBQtWayWw9VushhtFovJcjccTSZI0ZLVcrlcbTar1W60mA02y-FmgxStWs1Gm8FwNZvMdrvVcDBcjkZI0ZLlbrlbjSaL0Wi53OyGm9FgiDC2WaxGlpFjLViYZmvRarBZK0ebzVq2mblWM-fMNNhY3KLXx_TwLJebkWOLggEbexFcpBOZ3_J6-01Pv92tsFzEEs3JIp3ILvuKcbVaDBaWmcc4GcyWM5Nl4bINF57JZmRaLBamfW2zWI0sI8dasDDN1qLVYLNWjjabtWwzc61mzplpsLG4Ra-P6eFZLjcjx74xm60Wo8lmtdk3ZrPVYjTZrDb7Dp3hu_qcjc7geOKxqS_PasdbcxgULoPF-_tcpM1o42ZUacMWi-pa3LkmVp02djJ2DmaDwvc3l7bi4DZyLvclB7HBoIglgtNFOhG9jKeLWCJ5WqQT0W64mO0WjoVn4zFNTMblaDJyLCeemcWwsjlMjolYojRdpBO96LKarEV_w9NjUf-RIRdz5WAumswVq9EqAQAAAAAAAAAsYc68CQAAAMBpIKPBZrhaLgCEs5fuzycBYDeWGs6uujxMxRrdqkpx48cN5re83n7T0293KyxXBnigJmfe7Jkg1mq1rAEAAASwAQAAArh18xaAzcjtA0HZmJmZmZnxE-BusRg!&excid=22&docw=0&cijs=1&nlb=true
141.226.228.48200 OK 1.4 kB URL HTTP/2 am-match.taboola.com/sync?dast=V7xf4CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOEarVwbi28ts9lMa9HCt1grHCuHW2KYWFyD1W4zcjiGQCLLkcWyW47citnIsxYNVra1xDPyuHWrhcu0mJk8lo1zCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjfAoOl0-Fz3es3RYVn4XqbPyvkw2xVGs8Ptt5seJodd43f7RZfVZC36G54eOwAAAAA8AFi9ZUL8AAIARAAAAABIAAAAAFAEVPxbCFwAAAAAYAAYkFxoAHxyELzn7PcHAECDFggAQIAACcDAakAJwMf5ygkAAAAAAAAAAMv___9_DMAe1pgMwMj-Tg_Agw_AA1HBXhEjAAAAgC0tFc2jSZ1QWVQBABCkWwFcAQAEDMreyAeGAQAABIwt0MPi95sddo3f7TIAAAAAAAAAALP_s380obfR67QgltFrtV9AAIC1X0AAADZ1AwB4C4ALugBYnULshrPFbjTbjGYHAAAAcPf___-vByLG1WoxWFhmHuNkMFvOTJaFyzZceCabkWmxWJi2x2zhA07Ik3LZ5yEss993ELE8X9PfcJDxLa-3QVR0vS12h9PsuR9FS5a75W41mixGo-VysxtuRoP9CeRsgBQtWayWw9VushhtFovJcjccTSZI0ZLVcrlcbTar1W60mA02y-FmgxStWs1Gm8FwNZvMdrvVcDBcjkZI0ZLlbrlbjSaL0Wi53OyGm9FgiDC2WaxGlpFjLViYZmvRarBZK0ebzVq2mblWM-fMNNhY3KLXx_TwLJebkWOLggEbexFcpBOZ3_J6-01Pv92tsFzEEs3JIp3ILvuKcbVaDBaWmcc4GcyWM5Nl4bINF57JZmRaLBamfW2zWI0sI8dasDDN1qLVYLNWjjabtWwzc61mzplpsLG4Ra-P6eFZLjcjx74xm60Wo8lmtdk3ZrPVYjTZrDb7Dp3hu_qcjc7geOKxqS_PasdbcxgULoPF-_tcpM1o42ZUacMWi-pa3LkmVp02djJ2DmaDwvc3l7bi4DZyLvclB7HBoIglgtNFOhG9jKeLWCJ5WqQT0W64mO0WjoVn4zFNTMblaDJyLCeemcWwsjlMjolYojRdpBO96LKarEV_w9NjUf-RIRdz5WAumswVq9EqAQAAAAAAAAAsYc68CQAAAMBpIKPBZrhaLgCEs5fuzycBYDeWGs6uujxMxRrdqkpx48cN5re83n7T0293KyxXBnigJmfe7Jkg1mq1rAEAAASwAQAAArh18xaAzcjtA0HZmJmZmZnxE-BusRg!&excid=22&docw=0&cijs=1&nlb=true
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash 709f9930ff155580964a1db6ed22c03c
94fe1fb0387a1d985818041e0fd28e7a78160e9f
1be3f512c72d526c12ea22d15595188307e88436d17f6fa08b16515b85c6319c
GET /sync?dast=V7xf4CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOEarVwbi28ts9lMa9HCt1grHCuHW2KYWFyD1W4zcjiGQCLLkcWyW47citnIsxYNVra1xDPyuHWrhcu0mJk8lo1zCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjfAoOl0-Fz3es3RYVn4XqbPyvkw2xVGs8Ptt5seJodd43f7RZfVZC36G54eOwAAAAA8AFi9ZUL8AAIARAAAAABIAAAAAFAEVPxbCFwAAAAAYAAYkFxoAHxyELzn7PcHAECDFggAQIAACcDAakAJwMf5ygkAAAAAAAAAAMv___9_DMAe1pgMwMj-Tg_Agw_AA1HBXhEjAAAAgC0tFc2jSZ1QWVQBABCkWwFcAQAEDMreyAeGAQAABIwt0MPi95sddo3f7TIAAAAAAAAAALP_s380obfR67QgltFrtV9AAIC1X0AAADZ1AwB4C4ALugBYnULshrPFbjTbjGYHAAAAcPf___-vByLG1WoxWFhmHuNkMFvOTJaFyzZceCabkWmxWJi2x2zhA07Ik3LZ5yEss993ELE8X9PfcJDxLa-3QVR0vS12h9PsuR9FS5a75W41mixGo-VysxtuRoP9CeRsgBQtWayWw9VushhtFovJcjccTSZI0ZLVcrlcbTar1W60mA02y-FmgxStWs1Gm8FwNZvMdrvVcDBcjkZI0ZLlbrlbjSaL0Wi53OyGm9FgiDC2WaxGlpFjLViYZmvRarBZK0ebzVq2mblWM-fMNNhY3KLXx_TwLJebkWOLggEbexFcpBOZ3_J6-01Pv92tsFzEEs3JIp3ILvuKcbVaDBaWmcc4GcyWM5Nl4bINF57JZmRaLBamfW2zWI0sI8dasDDN1qLVYLNWjjabtWwzc61mzplpsLG4Ra-P6eFZLjcjx74xm60Wo8lmtdk3ZrPVYjTZrDb7Dp3hu_qcjc7geOKxqS_PasdbcxgULoPF-_tcpM1o42ZUacMWi-pa3LkmVp02djJ2DmaDwvc3l7bi4DZyLvclB7HBoIglgtNFOhG9jKeLWCJ5WqQT0W64mO0WjoVn4zFNTMblaDJyLCeemcWwsjlMjolYojRdpBO96LKarEV_w9NjUf-RIRdz5WAumswVq9EqAQAAAAAAAAAsYc68CQAAAMBpIKPBZrhaLgCEs5fuzycBYDeWGs6uujxMxRrdqkpx48cN5re83n7T0293KyxXBnigJmfe7Jkg1mq1rAEAAASwAQAAArh18xaAzcjtA0HZmJmZmZnxE-BusRg!&excid=22&docw=0&cijs=1&nlb=true HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 11:32:35 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3407
X-Firefox-Spdy: h2
imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7Az0CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOFa2TaW4WKtspg2a9HEZXNLDDPXWuGYuWy74ci5ma2GQBKulW1jGS7WKotpsxZNXDa3xDBzrRWOmcu2G46cm9lqChE3GQ6fg4Go6Hpb7A6n2fMGGDSdDp_rXq85OiwL38v0WTkfZrvCaHa4_XbTw-Swa_xuv-iymqxFf8PTYwcAAACAh____38IAAAAgAgAAAAACQAAAACKgIp_C4ELAAAAAIz___9_DYBPDoL3nP3-AAAAAAABAAAAIAEYWA0oAfg4Xzn5_________48ZoM-8kfn___-_MegBePABeBACAAC4GGpc1QpxSe3GJyqYLGIEAAAAsKWlonk0qRMqi6r___9-K4ArAICAQdmb9-ss3UGJtzAAAICAsQV6WPx-s8Ou8btd9v________9v9n_2jyb0NnqdFsQyeq32CwgAsPYLCADApm4AAG8BcEEXAKtTiN1wttiNZpvR7AAAAADu_v____VAxLhaLQYLy8xjnAxmy5nJsnDZhgvPZDMyLRYL0_aYLXzACXlSLvsibjIcPgcDUdH1ttgdTrPnfhQtWe6Wu9VoshiNlsvNbrgZDfYnkLMBUrRksVoOV7vJYrRZLCbL3XA0mSBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwthmsRpZRo61YGGarUWrwWatHG02a9lm5lrNnDPTYGNxi14f08OzXG5Gji0KBmzsRfK0SCcqz8S22DiWw-FkN7G5Ji7TajiajSaGjcmyWFiWE7FEc7JIJ7LLvmJcrRaDhWXmMU4Gs-XMZFm4bMOFZ7IZmRaLhWlf2yxWI8vIsRYsTLO1aDXYrJWjzWYt28xcq5lzZhpsLG7R62N6eJbLzcixb8xmq8Vosllt9o3ZbLUYTTarzb5DZ_iuPmejMzieeGzqy7Pa8dYcBoXLYPH-PhdpM9q4GVXasMWiuhZ3rolVp42djJ2D2aDw_c2lrTi4jZzLfclBbDAoYongIp3I_JbX2296-u1uheUilihNF-lEL7qsJmvR3_D0WMQSwekinYhextNF_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4WqdBzJYDnbL1XIBIJy9dH8-CQC7sdRwdtXlYSrW6FZVihs_bjC_5fX2m55-u1thuTLAAzU58-bPBLFWq2UNAAAggA0AABDArZu3AGwm_v___z8OAABARo4eAABAfB8IKvrIlUIvnJ8Ad4vFAA!&cmcv=&pix=undefined&cb=1665142355440&uv=3230&tms=1665142355440&abt=dfrc_vB!id5mc_vA!mprdctdt6_vA!Noappq22_vC!smbs!spa2_vB!t45!t45!tfl1_vA!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=a5e6c281-eb43-4bef-b0f5-a1fe678d9365&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
151.101.85.44200 OK 127 kB URL HTTP/2 imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7Az0CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOFa2TaW4WKtspg2a9HEZXNLDDPXWuGYuWy74ci5ma2GQBKulW1jGS7WKotpsxZNXDa3xDBzrRWOmcu2G46cm9lqChE3GQ6fg4Go6Hpb7A6n2fMGGDSdDp_rXq85OiwL38v0WTkfZrvCaHa4_XbTw-Swa_xuv-iymqxFf8PTYwcAAACAh____38IAAAAgAgAAAAACQAAAACKgIp_C4ELAAAAAIz___9_DYBPDoL3nP3-AAAAAAABAAAAIAEYWA0oAfg4Xzn5_________48ZoM-8kfn___-_MegBePABeBACAAC4GGpc1QpxSe3GJyqYLGIEAAAAsKWlonk0qRMqi6r___9-K4ArAICAQdmb9-ss3UGJtzAAAICAsQV6WPx-s8Ou8btd9v________9v9n_2jyb0NnqdFsQyeq32CwgAsPYLCADApm4AAG8BcEEXAKtTiN1wttiNZpvR7AAAAADu_v____VAxLhaLQYLy8xjnAxmy5nJsnDZhgvPZDMyLRYL0_aYLXzACXlSLvsibjIcPgcDUdH1ttgdTrPnfhQtWe6Wu9VoshiNlsvNbrgZDfYnkLMBUrRksVoOV7vJYrRZLCbL3XA0mSBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwthmsRpZRo61YGGarUWrwWatHG02a9lm5lrNnDPTYGNxi14f08OzXG5Gji0KBmzsRfK0SCcqz8S22DiWw-FkN7G5Ji7TajiajSaGjcmyWFiWE7FEc7JIJ7LLvmJcrRaDhWXmMU4Gs-XMZFm4bMOFZ7IZmRaLhWlf2yxWI8vIsRYsTLO1aDXYrJWjzWYt28xcq5lzZhpsLG7R62N6eJbLzcixb8xmq8Vosllt9o3ZbLUYTTarzb5DZ_iuPmejMzieeGzqy7Pa8dYcBoXLYPH-PhdpM9q4GVXasMWiuhZ3rolVp42djJ2D2aDw_c2lrTi4jZzLfclBbDAoYongIp3I_JbX2296-u1uheUilihNF-lEL7qsJmvR3_D0WMQSwekinYhextNF_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4WqdBzJYDnbL1XIBIJy9dH8-CQC7sdRwdtXlYSrW6FZVihs_bjC_5fX2m55-u1thuTLAAzU58-bPBLFWq2UNAAAggA0AABDArZu3AGwm_v___z8OAABARo4eAABAfB8IKvrIlUIvnJ8Ad4vFAA!&cmcv=&pix=undefined&cb=1665142355440&uv=3230&tms=1665142355440&abt=dfrc_vB!id5mc_vA!mprdctdt6_vA!Noappq22_vC!smbs!spa2_vB!t45!t45!tfl1_vA!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=a5e6c281-eb43-4bef-b0f5-a1fe678d9365&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
IP 151.101.85.44:0
Size 127 kB (127267 bytes)
Hash e3841344053d9fbf9cc6983d3b5a70dd
4e602c1b0c69024d5c2742dc8b067230263763d5
ec0fd97e8d6228ffe9a5c4b94c8f3e83016b05929c153328567f660bc5cf1535
GET /st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7Az0CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOFa2TaW4WKtspg2a9HEZXNLDDPXWuGYuWy74ci5ma2GQBKulW1jGS7WKotpsxZNXDa3xDBzrRWOmcu2G46cm9lqChE3GQ6fg4Go6Hpb7A6n2fMGGDSdDp_rXq85OiwL38v0WTkfZrvCaHa4_XbTw-Swa_xuv-iymqxFf8PTYwcAAACAh____38IAAAAgAgAAAAACQAAAACKgIp_C4ELAAAAAIz___9_DYBPDoL3nP3-AAAAAAABAAAAIAEYWA0oAfg4Xzn5_________48ZoM-8kfn___-_MegBePABeBACAAC4GGpc1QpxSe3GJyqYLGIEAAAAsKWlonk0qRMqi6r___9-K4ArAICAQdmb9-ss3UGJtzAAAICAsQV6WPx-s8Ou8btd9v________9v9n_2jyb0NnqdFsQyeq32CwgAsPYLCADApm4AAG8BcEEXAKtTiN1wttiNZpvR7AAAAADu_v____VAxLhaLQYLy8xjnAxmy5nJsnDZhgvPZDMyLRYL0_aYLXzACXlSLvsibjIcPgcDUdH1ttgdTrPnfhQtWe6Wu9VoshiNlsvNbrgZDfYnkLMBUrRksVoOV7vJYrRZLCbL3XA0mSBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwthmsRpZRo61YGGarUWrwWatHG02a9lm5lrNnDPTYGNxi14f08OzXG5Gji0KBmzsRfK0SCcqz8S22DiWw-FkN7G5Ji7TajiajSaGjcmyWFiWE7FEc7JIJ7LLvmJcrRaDhWXmMU4Gs-XMZFm4bMOFZ7IZmRaLhWlf2yxWI8vIsRYsTLO1aDXYrJWjzWYt28xcq5lzZhpsLG7R62N6eJbLzcixb8xmq8Vosllt9o3ZbLUYTTarzb5DZ_iuPmejMzieeGzqy7Pa8dYcBoXLYPH-PhdpM9q4GVXasMWiuhZ3rolVp42djJ2D2aDw_c2lrTi4jZzLfclBbDAoYongIp3I_JbX2296-u1uheUilihNF-lEL7qsJmvR3_D0WMQSwekinYhextNF_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4WqdBzJYDnbL1XIBIJy9dH8-CQC7sdRwdtXlYSrW6FZVihs_bjC_5fX2m55-u1thuTLAAzU58-bPBLFWq2UNAAAggA0AABDArZu3AGwm_v___z8OAABARo4eAABAfB8IKvrIlUIvnJ8Ad4vFAA!&cmcv=&pix=undefined&cb=1665142355440&uv=3230&tms=1665142355440&abt=dfrc_vB!id5mc_vA!mprdctdt6_vA!Noappq22_vC!smbs!spa2_vB!t45!t45!tfl1_vA!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=a5e6c281-eb43-4bef-b0f5-a1fe678d9365&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1 HTTP/1.1
Host: imprammp.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
content-encoding: gzip
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:35 GMT
via: 1.1 varnish
x-served-by: cache-bma1665-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1665142355.475730,VS0,VE21
vary: Accept-Encoding
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 98e53ffb236c7a6574f05d841c584f31
c86433374b2161247a28cef3a379e71838e9599b
a0b03eabdaa98a4f8736d9670163fe8601f3bd725b56e0b96169fdc0ba429dd0
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4187
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:35 GMT
Last-Modified: Fri, 07 Oct 2022 10:22:48 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 98e53ffb236c7a6574f05d841c584f31
c86433374b2161247a28cef3a379e71838e9599b
a0b03eabdaa98a4f8736d9670163fe8601f3bd725b56e0b96169fdc0ba429dd0
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6094
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:35 GMT
Last-Modified: Fri, 07 Oct 2022 09:51:01 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 98e53ffb236c7a6574f05d841c584f31
c86433374b2161247a28cef3a379e71838e9599b
a0b03eabdaa98a4f8736d9670163fe8601f3bd725b56e0b96169fdc0ba429dd0
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4187
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:35 GMT
Last-Modified: Fri, 07 Oct 2022 10:22:48 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 07 Oct 2022 11:32:35 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=bdaf6e03-4633-11ed-817b-19b4ac340406; expires=Fri, 04-Nov-2022 11:32:35 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bdaf6e44-4633-11ed-817b-19b4ac340406
X-fe: 89
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
trc.taboola.com/forumotion-ar/log/3/explore?route=AM:IL:V<i=deflated&ri=e3b61c198827bf5be458464b0cd21a29&sd=v2_b85510a2fc82069fd2ae68a323d411a4_6315d2d1-0a46-4503-9433-63f55f9f40cb-tucta3993d1_1665142353_1665142353_CNawjgYQ3pxDGMze35G7MCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABo_9iV8p6d99_dAXAA&ui=6315d2d1-0a46-4503-9433-63f55f9f40cb-tucta3993d1&pi=/t252-topic&wi=-1517097255915181270&pt=text&vi=1665142353740&li=rbox-t2m<=deflated&tim=11%3A32%3A35.579&id=5036&llvl=2&cv=20221006-24-RELEASE&
151.101.85.44204 No Content 0 B URL HTTP/2 trc.taboola.com/forumotion-ar/log/3/explore?route=AM:IL:V<i=deflated&ri=e3b61c198827bf5be458464b0cd21a29&sd=v2_b85510a2fc82069fd2ae68a323d411a4_6315d2d1-0a46-4503-9433-63f55f9f40cb-tucta3993d1_1665142353_1665142353_CNawjgYQ3pxDGMze35G7MCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABo_9iV8p6d99_dAXAA&ui=6315d2d1-0a46-4503-9433-63f55f9f40cb-tucta3993d1&pi=/t252-topic&wi=-1517097255915181270&pt=text&vi=1665142353740&li=rbox-t2m<=deflated&tim=11%3A32%3A35.579&id=5036&llvl=2&cv=20221006-24-RELEASE&
IP 151.101.85.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/3/explore?route=AM:IL:V<i=deflated&ri=e3b61c198827bf5be458464b0cd21a29&sd=v2_b85510a2fc82069fd2ae68a323d411a4_6315d2d1-0a46-4503-9433-63f55f9f40cb-tucta3993d1_1665142353_1665142353_CNawjgYQ3pxDGMze35G7MCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABo_9iV8p6d99_dAXAA&ui=6315d2d1-0a46-4503-9433-63f55f9f40cb-tucta3993d1&pi=/t252-topic&wi=-1517097255915181270&pt=text&vi=1665142353740&li=rbox-t2m<=deflated&tim=11%3A32%3A35.579&id=5036&llvl=2&cv=20221006-24-RELEASE& HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:35 GMT
via: 1.1 varnish
x-served-by: cache-bma1665-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1665142356.764035,VS0,VE87
x-vcl-time-ms: 87
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.14200 OK 46 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.14:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 0098aa0f5f44751331212188edcd515c
9d4dce297b3b83d2a0400f0598931cbd0864939f
3ae84d2c89cb50ee82294fbb4db55963b0657536d6b7b5e86415eaa2f45487fc
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:34 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 101820
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7xf4CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOEarVwbi28ts9lMa9HCt1grHCuHW2KYWFyD1W4zcjiGQCLLkcWyW47citnIsxYNVra1xDPyuHWrhcu0mJk8lo1zCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjfAoOl0-Fz3es3RYVn4XqbPyvkw2xVGs8Ptt5seJodd43f7RZfVZC36G54eOwAAAAA8AFi9ZUL8AAIARAAAAABIAAAAAFAEVPxbCFwAAAAAYAAYkFxoAHxyELzn7PcHAECDFggAQIAACcDAakAJwMf5ygkAAAAAAAAAAMv___9_DMAe1pgMwMj-Tg_Agw_AA1HBXhEjAAAAgC0tFc2jSZ1QWVQBABCkWwFcAQAEDMreyAeGAQAABIwt0MPi95sddo3f7TIAAAAAAAAAALP_s380obfR67QgltFrtV9AAIC1X0AAADZ1AwB4C4ALugBYnULshrPFbjTbjGYHAAAAcPf___-vByLG1WoxWFhmHuNkMFvOTJaFyzZceCabkWmxWJi2x2zhA07Ik3LZ5yEss993ELE8X9PfcJDxLa-3QVR0vS12h9PsuR9FS5a75W41mixGo-VysxtuRoP9CeRsgBQtWayWw9VushhtFovJcjccTSZI0ZLVcrlcbTar1W60mA02y-FmgxStWs1Gm8FwNZvMdrvVcDBcjkZI0ZLlbrlbjSaL0Wi53OyGm9FgiDC2WaxGlpFjLViYZmvRarBZK0ebzVq2mblWM-fMNNhY3KLXx_TwLJebkWOLggEbexFcpBOZ3_J6-01Pv92tsFzEEs3JIp3ILvuKcbVaDBaWmcc4GcyWM5Nl4bINF57JZmRaLBamfW2zWI0sI8dasDDN1qLVYLNWjjabtWwzc61mzplpsLG4Ra-P6eFZLjcjx74xm60Wo8lmtdk3ZrPVYjTZrDb7Dp3hu_qcjc7geOKxqS_PasdbcxgULoPF-_tcpM1o42ZUacMWi-pa3LkmVp02djJ2DmaDwvc3l7bi4DZyLvclB7HBoIglgtNFOhG9jKeLWCJ5WqQT0W64mO0WjoVn4zFNTMblaDJyLCeemcWwsjlMjolYojRdpBO96LKarEV_w9NjUf-RIRdz5WAumswVq9EqAQAAAAAAAAAsYc68CQAAAMBpIKPBZrhaLgCEs5fuzycBYDeWGs6uujxMxRrdqkpx48cN5re83n7T0293KyxXBnigJmfe7Jkg1mq1rAEAAASwAQAAArh18xaAzcjtA0HZmJmZmZnxE-BusRg!&cmcv=&pix=undefined&cb=1665142355529&uv=3230&tms=1665142355529&abt=dfrc_vB!id5mc_vA!mprdctdt6_vA!Noappq22_vC!smbs!spa2_vB!t45!t45!tfl1_vA!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=a54e5cb7-fff4-4a71-a1ea-b0bb50573da1&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
151.101.85.44200 OK 448 B URL HTTP/2 imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7xf4CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOEarVwbi28ts9lMa9HCt1grHCuHW2KYWFyD1W4zcjiGQCLLkcWyW47citnIsxYNVra1xDPyuHWrhcu0mJk8lo1zCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjfAoOl0-Fz3es3RYVn4XqbPyvkw2xVGs8Ptt5seJodd43f7RZfVZC36G54eOwAAAAA8AFi9ZUL8AAIARAAAAABIAAAAAFAEVPxbCFwAAAAAYAAYkFxoAHxyELzn7PcHAECDFggAQIAACcDAakAJwMf5ygkAAAAAAAAAAMv___9_DMAe1pgMwMj-Tg_Agw_AA1HBXhEjAAAAgC0tFc2jSZ1QWVQBABCkWwFcAQAEDMreyAeGAQAABIwt0MPi95sddo3f7TIAAAAAAAAAALP_s380obfR67QgltFrtV9AAIC1X0AAADZ1AwB4C4ALugBYnULshrPFbjTbjGYHAAAAcPf___-vByLG1WoxWFhmHuNkMFvOTJaFyzZceCabkWmxWJi2x2zhA07Ik3LZ5yEss993ELE8X9PfcJDxLa-3QVR0vS12h9PsuR9FS5a75W41mixGo-VysxtuRoP9CeRsgBQtWayWw9VushhtFovJcjccTSZI0ZLVcrlcbTar1W60mA02y-FmgxStWs1Gm8FwNZvMdrvVcDBcjkZI0ZLlbrlbjSaL0Wi53OyGm9FgiDC2WaxGlpFjLViYZmvRarBZK0ebzVq2mblWM-fMNNhY3KLXx_TwLJebkWOLggEbexFcpBOZ3_J6-01Pv92tsFzEEs3JIp3ILvuKcbVaDBaWmcc4GcyWM5Nl4bINF57JZmRaLBamfW2zWI0sI8dasDDN1qLVYLNWjjabtWwzc61mzplpsLG4Ra-P6eFZLjcjx74xm60Wo8lmtdk3ZrPVYjTZrDb7Dp3hu_qcjc7geOKxqS_PasdbcxgULoPF-_tcpM1o42ZUacMWi-pa3LkmVp02djJ2DmaDwvc3l7bi4DZyLvclB7HBoIglgtNFOhG9jKeLWCJ5WqQT0W64mO0WjoVn4zFNTMblaDJyLCeemcWwsjlMjolYojRdpBO96LKarEV_w9NjUf-RIRdz5WAumswVq9EqAQAAAAAAAAAsYc68CQAAAMBpIKPBZrhaLgCEs5fuzycBYDeWGs6uujxMxRrdqkpx48cN5re83n7T0293KyxXBnigJmfe7Jkg1mq1rAEAAASwAQAAArh18xaAzcjtA0HZmJmZmZnxE-BusRg!&cmcv=&pix=undefined&cb=1665142355529&uv=3230&tms=1665142355529&abt=dfrc_vB!id5mc_vA!mprdctdt6_vA!Noappq22_vC!smbs!spa2_vB!t45!t45!tfl1_vA!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=a54e5cb7-fff4-4a71-a1ea-b0bb50573da1&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
IP 151.101.85.44:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (928), with no line terminators
Hash 6ccfeff2024d7b72de16fc5e9b1b1806
3e325a3883c76d3836726957857217558a036c26
8be0563126360027efc3b2c38335c1fd67d7934b232940c5e12e94e933c8f920
GET /st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7xf4CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOEarVwbi28ts9lMa9HCt1grHCuHW2KYWFyD1W4zcjiGQCLLkcWyW47citnIsxYNVra1xDPyuHWrhcu0mJk8lo1zCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjfAoOl0-Fz3es3RYVn4XqbPyvkw2xVGs8Ptt5seJodd43f7RZfVZC36G54eOwAAAAA8AFi9ZUL8AAIARAAAAABIAAAAAFAEVPxbCFwAAAAAYAAYkFxoAHxyELzn7PcHAECDFggAQIAACcDAakAJwMf5ygkAAAAAAAAAAMv___9_DMAe1pgMwMj-Tg_Agw_AA1HBXhEjAAAAgC0tFc2jSZ1QWVQBABCkWwFcAQAEDMreyAeGAQAABIwt0MPi95sddo3f7TIAAAAAAAAAALP_s380obfR67QgltFrtV9AAIC1X0AAADZ1AwB4C4ALugBYnULshrPFbjTbjGYHAAAAcPf___-vByLG1WoxWFhmHuNkMFvOTJaFyzZceCabkWmxWJi2x2zhA07Ik3LZ5yEss993ELE8X9PfcJDxLa-3QVR0vS12h9PsuR9FS5a75W41mixGo-VysxtuRoP9CeRsgBQtWayWw9VushhtFovJcjccTSZI0ZLVcrlcbTar1W60mA02y-FmgxStWs1Gm8FwNZvMdrvVcDBcjkZI0ZLlbrlbjSaL0Wi53OyGm9FgiDC2WaxGlpFjLViYZmvRarBZK0ebzVq2mblWM-fMNNhY3KLXx_TwLJebkWOLggEbexFcpBOZ3_J6-01Pv92tsFzEEs3JIp3ILvuKcbVaDBaWmcc4GcyWM5Nl4bINF57JZmRaLBamfW2zWI0sI8dasDDN1qLVYLNWjjabtWwzc61mzplpsLG4Ra-P6eFZLjcjx74xm60Wo8lmtdk3ZrPVYjTZrDb7Dp3hu_qcjc7geOKxqS_PasdbcxgULoPF-_tcpM1o42ZUacMWi-pa3LkmVp02djJ2DmaDwvc3l7bi4DZyLvclB7HBoIglgtNFOhG9jKeLWCJ5WqQT0W64mO0WjoVn4zFNTMblaDJyLCeemcWwsjlMjolYojRdpBO96LKarEV_w9NjUf-RIRdz5WAumswVq9EqAQAAAAAAAAAsYc68CQAAAMBpIKPBZrhaLgCEs5fuzycBYDeWGs6uujxMxRrdqkpx48cN5re83n7T0293KyxXBnigJmfe7Jkg1mq1rAEAAASwAQAAArh18xaAzcjtA0HZmJmZmZnxE-BusRg!&cmcv=&pix=undefined&cb=1665142355529&uv=3230&tms=1665142355529&abt=dfrc_vB!id5mc_vA!mprdctdt6_vA!Noappq22_vC!smbs!spa2_vB!t45!t45!tfl1_vA!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=a54e5cb7-fff4-4a71-a1ea-b0bb50573da1&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1 HTTP/1.1
Host: imprammp.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
content-encoding: gzip
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:35 GMT
via: 1.1 varnish
x-served-by: cache-bma1665-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1665142356.567391,VS0,VE23
vary: Accept-Encoding
X-Firefox-Spdy: h2
cdn.betgorebysson.club/apu.php?zoneid=3765907
139.45.195.8200 OK 29 kB URL HTTP/2 cdn.betgorebysson.club/apu.php?zoneid=3765907
IP 139.45.195.8:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash e1012a06b4bee8ba006f9dd03fc032f3
b7916f57ef1b64489dd8076ac4492892d923bf30
e09763cc4aa9ab4721b6430077ab7ef90df867f3ab83455a561f525ef34156a9
Analyzer Verdict Alert fortinet Malware
GET /apu.php?zoneid=3765907 HTTP/1.1
Host: cdn.betgorebysson.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 11:32:35 GMT
content-type: application/javascript
x-trace-id: 31b8ec5912bed959cc7e0679629b3571
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=935c58519c944ae5b41deb64f3dfa2da; expires=Sat, 07 Oct 2023 11:32:35 GMT; path=/; secure; SameSite=None
oaidts=1665142355; expires=Sat, 07 Oct 2023 11:32:35 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
142.250.74.74200 OK 110 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 142.250.74.74:0
File type JSON data\012- , ASCII text, with no line terminators
Hash d00a0613c52950f2d5a735b00fc497a9
bfef5e298f13cd0721d27831193d57fa19cabfaa
3227fd90666670967b794a0798e6b0adc954c6b3ece0cf8ce3d3e28e767382c2
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 1011
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Fri, 07 Oct 2022 11:32:35 GMT
server: ESF
cache-control: private
content-length: 110
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
151.101.85.44200 OK 254 B URL HTTP/2 cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
IP 151.101.85.44:0
File type PNG image data, 12 x 12, 8-bit gray+alpha, non-interlaced\012- data
Hash dfa7b52c86e56bd67fa4002f6ed19854
7df722645482433c2b5c8d8ab4272a9874592f27
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
GET /libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: c3AK0F63Rmz1U+ZkwDZRH6hJiJRTGpZB8kTBPWz0vwbg9siBxtMOH8aEqr1NtVeNHtLhLAVUR9E=
x-amz-request-id: 4JKSR0YA3KVH073N
x-amz-replication-status: COMPLETED
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
content-type: image/png
server: AmazonS3
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:35 GMT
via: 1.1 varnish
age: 14494
x-served-by: cache-bma1665-BMA
x-cache: HIT
x-cache-hits: 1806
x-timer: S1665142356.999764,VS0,VE0
cache-control: private,max-age=31536000
abp: 91
content-length: 254
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 5690c00c386c753af6de22646db06434
aa5b0574bf8aa58bc5608d593e7dcba23100b454
741af8ab8cb30aac3a08fe0ae823577cb602c717416f9bcd52cef5b830b5fb0e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 11:32:36 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 18:25:20 GMT
Expires: Thu, 13 Oct 2022 18:25:19 GMT
Etag: "aa5b0574bf8aa58bc5608d593e7dcba23100b454"
Cache-Control: max-age=542562,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7566512dcf93b503-OSL
my.rtmark.net/gid.js?userId=935c58519c944ae5b41deb64f3dfa2da
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=935c58519c944ae5b41deb64f3dfa2da
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 607eda2fb3b8c0693d673f5098321a1d
bcde9cb1c1a9f3cfd2e7058bf6a697f286ad57b4
e1910d1fa0f2354560f8e7a74d53b78f99664074d8553a5aa5b22075f9a0aa86
GET /gid.js?userId=935c58519c944ae5b41deb64f3dfa2da HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 11:32:36 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://sha2awet3eyal.ahlamontada.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=935c58519c944ae5b41deb64f3dfa2da; expires=Sat, 07 Oct 2023 11:32:36 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=rtus&domain=ahlamontada.com&sn=FirefoxSyncframe&so=3&topUrl=sha2awet3eyal.ahlamontada.com&bundle=e2HK2l9ZbGZQUjhBQkhiVE9kczdJY0pLUXRDUnQzMk80b29pMCUyQkFWNXdYNmNTdldlQk5OYW1iNldBNURjZ2x1SWl3aVFuayUyQjRZU3NYZHNGQVJiJTJGNDMlMkYxSlYxWiUyRnU2bG5Handjbzd2WXVKOXhDdjk2UyUyRjYwY21mV1lnQjI0cGN6JTJCakJvWlpObFpOd3A3ekJjaDlINmtkMWIydyUzRCUzRA&info=AJqZ5V80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlFaFZ5RnFxRFJvd20yQXZNb2U0a0V2b1JrVjVTUGpVYTFTMGFIakpPTWs&idsd=-1244788209,-1379009161&cw=1&rtusCallerId=72&lsw=1
178.250.0.157200 OK 315 B URL HTTP/2 gum.criteo.com/sid/json?origin=rtus&domain=ahlamontada.com&sn=FirefoxSyncframe&so=3&topUrl=sha2awet3eyal.ahlamontada.com&bundle=e2HK2l9ZbGZQUjhBQkhiVE9kczdJY0pLUXRDUnQzMk80b29pMCUyQkFWNXdYNmNTdldlQk5OYW1iNldBNURjZ2x1SWl3aVFuayUyQjRZU3NYZHNGQVJiJTJGNDMlMkYxSlYxWiUyRnU2bG5Handjbzd2WXVKOXhDdjk2UyUyRjYwY21mV1lnQjI0cGN6JTJCakJvWlpObFpOd3A3ekJjaDlINmtkMWIydyUzRCUzRA&info=AJqZ5V80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlFaFZ5RnFxRFJvd20yQXZNb2U0a0V2b1JrVjVTUGpVYTFTMGFIakpPTWs&idsd=-1244788209,-1379009161&cw=1&rtusCallerId=72&lsw=1
IP 178.250.0.157:0
File type JSON data\012- , ASCII text, with very long lines (385), with no line terminators
Hash b5a552fff6a13a987ce82c008cfd1f5a
38fb9efd378af7116b285600b6389e0213375a5c
c71e6e25a68511f03c39fda7ea53965c8cf708f301ac3412534d55c8a1da2304
GET /sid/json?origin=rtus&domain=ahlamontada.com&sn=FirefoxSyncframe&so=3&topUrl=sha2awet3eyal.ahlamontada.com&bundle=e2HK2l9ZbGZQUjhBQkhiVE9kczdJY0pLUXRDUnQzMk80b29pMCUyQkFWNXdYNmNTdldlQk5OYW1iNldBNURjZ2x1SWl3aVFuayUyQjRZU3NYZHNGQVJiJTJGNDMlMkYxSlYxWiUyRnU2bG5Handjbzd2WXVKOXhDdjk2UyUyRjYwY21mV1lnQjI0cGN6JTJCakJvWlpObFpOd3A3ekJjaDlINmtkMWIydyUzRCUzRA&info=AJqZ5V80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlFaFZ5RnFxRFJvd20yQXZNb2U0a0V2b1JrVjVTUGpVYTFTMGFIakpPTWs&idsd=-1244788209,-1379009161&cw=1&rtusCallerId=72&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=rtus&topUrl=sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:35 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 529019
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bdaf6e44-4633-11ed-817b-19b4ac340406
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bdaf6e44-4633-11ed-817b-19b4ac340406
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bdaf6e44-4633-11ed-817b-19b4ac340406 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Fri, 07 Oct 2022 11:32:36 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=bdefcf53-4633-11ed-afbb-124172220306; expires=Fri, 04-Nov-2022 11:32:36 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 70
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 07 Oct 2022 11:32:36 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=bdef9683-4633-11ed-881c-1ce730eb0206; expires=Fri, 04-Nov-2022 11:32:36 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bdef96ca-4633-11ed-881c-1ce730eb0206
X-fe: 140
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 07 Oct 2022 11:32:36 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=bdefad46-4633-11ed-bc13-13b80d860406; expires=Fri, 04-Nov-2022 11:32:36 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bdefad7c-4633-11ed-bc13-13b80d860406
X-fe: 115
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
vidstat.taboola.com/vpaid/vPlayer/player/v14.8.5/OvaMediaPlayer.js
151.101.85.44200 OK 87 kB URL HTTP/2 vidstat.taboola.com/vpaid/vPlayer/player/v14.8.5/OvaMediaPlayer.js
IP 151.101.85.44:0
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash 37f1d29f3f340126a8d87de26020b990
157ccc63f7608ed316e3e0d003379b56c213e917
fd033725fa5c7f08e4920ccc00497481766349c9362a2b072722a3eb71fece9b
GET /vpaid/vPlayer/player/v14.8.5/OvaMediaPlayer.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: pOAFugC7p8wsmuUo+i7YuDs6kkU0vhnIGQk1LVczAl9AHRD6gKvohsLUz/rP8jDEvocbdIB437Q=
x-amz-request-id: XWMC8N7PPY5CKERA
last-modified: Mon, 03 Oct 2022 10:56:43 GMT
etag: "37f1d29f3f340126a8d87de26020b990"
x-amz-meta-ctime: 1664794602
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1664794590
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:36 GMT
via: 1.1 varnish
age: 347653
x-served-by: cache-bma1665-BMA
x-cache: HIT
x-cache-hits: 65428
x-timer: S1665142356.233447,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 87174
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
142.250.74.74200 OK 114 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 142.250.74.74:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 115e5d7f0f73cea0be0ad69ebba29327
e7f2432a9d1b78aeb0fe8ef4e69d46e6e21eafc7
02e5621909847ffc44ced6a46360b3f7196a45df2634e291d468acfcd24f94c6
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 939
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Fri, 07 Oct 2022 11:32:36 GMT
server: ESF
cache-control: private
content-length: 114
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.betgorebysson.club/?rb=be5Vwz3X_gdpf8CjCL9ZAobIDxCxqgdlICBITbO6B97guo0-Hod6h--9DMR-yWV1AUuf42Ua1MV3O22rTBX5xEH-v9v-R7C1JmHnb2lFILIgak1ooyd0Cg7jBhFUGwpxa_6YC5ORK0iVjF_5wRvt2E79ody0F3n2BYHnTUW9eydg5rwfDd20jaP9mDjIXnya5OM0gHYE-ReAu3Wj7GjNkjtGT5iL0Vx0zGBshSaReAwKoXgp&request_ab2=0&zoneid=3765907&js_build=iclick-v1.434.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=11&pl=https%3A%2F%2Fsha2awet3eyal.ahlamontada.com%2Ft252-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.434.0&bs=355fdd10-9a2c-4b72-a418-97530d5ecf75&userId=935c58519c944ae5b41deb64f3dfa2da&m=link
139.45.195.8200 OK 93 kB URL HTTP/2 cdn.betgorebysson.club/?rb=be5Vwz3X_gdpf8CjCL9ZAobIDxCxqgdlICBITbO6B97guo0-Hod6h--9DMR-yWV1AUuf42Ua1MV3O22rTBX5xEH-v9v-R7C1JmHnb2lFILIgak1ooyd0Cg7jBhFUGwpxa_6YC5ORK0iVjF_5wRvt2E79ody0F3n2BYHnTUW9eydg5rwfDd20jaP9mDjIXnya5OM0gHYE-ReAu3Wj7GjNkjtGT5iL0Vx0zGBshSaReAwKoXgp&request_ab2=0&zoneid=3765907&js_build=iclick-v1.434.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=11&pl=https%3A%2F%2Fsha2awet3eyal.ahlamontada.com%2Ft252-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.434.0&bs=355fdd10-9a2c-4b72-a418-97530d5ecf75&userId=935c58519c944ae5b41deb64f3dfa2da&m=link
IP 139.45.195.8:0
Hash 3aaf24a39f0f70d07ea4131efef847ae
6d7afb20f255b955aec1a2264baedee763c9a7e5
a6d914a0fcaffe9abca87fa2b68525846fdbcb44a9d2a32c37b902145fe63647
GET /?rb=be5Vwz3X_gdpf8CjCL9ZAobIDxCxqgdlICBITbO6B97guo0-Hod6h--9DMR-yWV1AUuf42Ua1MV3O22rTBX5xEH-v9v-R7C1JmHnb2lFILIgak1ooyd0Cg7jBhFUGwpxa_6YC5ORK0iVjF_5wRvt2E79ody0F3n2BYHnTUW9eydg5rwfDd20jaP9mDjIXnya5OM0gHYE-ReAu3Wj7GjNkjtGT5iL0Vx0zGBshSaReAwKoXgp&request_ab2=0&zoneid=3765907&js_build=iclick-v1.434.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=11&pl=https%3A%2F%2Fsha2awet3eyal.ahlamontada.com%2Ft252-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.434.0&bs=355fdd10-9a2c-4b72-a418-97530d5ecf75&userId=935c58519c944ae5b41deb64f3dfa2da&m=link HTTP/1.1
Host: cdn.betgorebysson.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sha2awet3eyal.ahlamontada.com/
Origin: https://sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Cookie: OAID=935c58519c944ae5b41deb64f3dfa2da; oaidts=1665142355
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 11:32:36 GMT
content-type: application/json
x-trace-id: 0c5ad20ac221522955c0b85201a14dd9
access-control-allow-origin: https://sha2awet3eyal.ahlamontada.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=935c58519c944ae5b41deb64f3dfa2da; expires=Sat, 07 Oct 2023 11:32:36 GMT; path=/; secure; SameSite=None
oaidts=1665142356; expires=Sat, 07 Oct 2023 11:32:36 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 14 Oct 2022 11:32:36 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
142.250.74.74200 OK 110 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 142.250.74.74:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 87d6c996ad7e4fbd37303657d8b8651a
3b625d7bfc0a66faf1ab338bd58aa50a2978673d
1d17db9aa7ec55ac709b46ff3484b0050e2d789648f9caad5336428242d1b0f7
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 923
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Fri, 07 Oct 2022 11:32:36 GMT
server: ESF
cache-control: private
content-length: 110
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
am-match.taboola.com/sync?dast=V7Az0CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOFa2TaW4WKtspg2a9HEZXNLDDPXWuGYuWy74ci5ma2GQBKulW1jGS7WKotpsxZNXDa3xDBzrRWOmcu2G46cm9lqChE3GQ6fg4Go6Hpb7A6n2fMGGDSdDp_rXq85OiwL38v0WTkfZrvCaHa4_XbTw-Swa_xuv-iymqxFf8PTYwcAAACAh____38IAAAAgAgAAAAACQAAAACKgIp_C4ELAAAAAIz___9_DYBPDoL3nP3-AAAAAAABAAAAIAEYWA0oAfg4Xzn5_________48ZoM-8kfn___-_MegBePABeBACAAC4GGpc1QpxSe3GJyqYLGIEAAAAsKWlonk0qRMqi6r___9-K4ArAICAQdmb9-ss3UGJtzAAAICAsQV6WPx-s8Ou8btd9v________9v9n_2jyb0NnqdFsQyeq32CwgAsPYLCADApm4AAG8BcEEXAKtTiN1wttiNZpvR7AAAAADu_v____VAxLhaLQYLy8xjnAxmy5nJsnDZhgvPZDMyLRYL0_aYLXzACXlSLvsibjIcPgcDUdH1ttgdTrPnfhQtWe6Wu9VoshiNlsvNbrgZDfYnkLMBUrRksVoOV7vJYrRZLCbL3XA0mSBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwthmsRpZRo61YGGarUWrwWatHG02a9lm5lrNnDPTYGNxi14f08OzXG5Gji0KBmzsRfK0SCcqz8S22DiWw-FkN7G5Ji7TajiajSaGjcmyWFiWE7FEc7JIJ7LLvmJcrRaDhWXmMU4Gs-XMZFm4bMOFZ7IZmRaLhWlf2yxWI8vIsRYsTLO1aDXYrJWjzWYt28xcq5lzZhpsLG7R62N6eJbLzcixb8xmq8Vosllt9o3ZbLUYTTarzb5DZ_iuPmejMzieeGzqy7Pa8dYcBoXLYPH-PhdpM9q4GVXasMWiuhZ3rolVp42djJ2D2aDw_c2lrTi4jZzLfclBbDAoYongIp3I_JbX2296-u1uheUilihNF-lEL7qsJmvR3_D0WMQSwekinYhextNF_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4WqdBzJYDnbL1XIBIJy9dH8-CQC7sdRwdtXlYSrW6FZVihs_bjC_5fX2m55-u1thuTLAAzU58-bPBLFWq2UNAAAggA0AABDArZu3AGwm_v___z8OAABARo4eAABAfB8IKvrIlUIvnJ8Ad4vFAA!&excid=22&docw=0&cijs=1&nlb=false
141.226.228.48200 OK 742 B URL HTTP/2 am-match.taboola.com/sync?dast=V7Az0CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOFa2TaW4WKtspg2a9HEZXNLDDPXWuGYuWy74ci5ma2GQBKulW1jGS7WKotpsxZNXDa3xDBzrRWOmcu2G46cm9lqChE3GQ6fg4Go6Hpb7A6n2fMGGDSdDp_rXq85OiwL38v0WTkfZrvCaHa4_XbTw-Swa_xuv-iymqxFf8PTYwcAAACAh____38IAAAAgAgAAAAACQAAAACKgIp_C4ELAAAAAIz___9_DYBPDoL3nP3-AAAAAAABAAAAIAEYWA0oAfg4Xzn5_________48ZoM-8kfn___-_MegBePABeBACAAC4GGpc1QpxSe3GJyqYLGIEAAAAsKWlonk0qRMqi6r___9-K4ArAICAQdmb9-ss3UGJtzAAAICAsQV6WPx-s8Ou8btd9v________9v9n_2jyb0NnqdFsQyeq32CwgAsPYLCADApm4AAG8BcEEXAKtTiN1wttiNZpvR7AAAAADu_v____VAxLhaLQYLy8xjnAxmy5nJsnDZhgvPZDMyLRYL0_aYLXzACXlSLvsibjIcPgcDUdH1ttgdTrPnfhQtWe6Wu9VoshiNlsvNbrgZDfYnkLMBUrRksVoOV7vJYrRZLCbL3XA0mSBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwthmsRpZRo61YGGarUWrwWatHG02a9lm5lrNnDPTYGNxi14f08OzXG5Gji0KBmzsRfK0SCcqz8S22DiWw-FkN7G5Ji7TajiajSaGjcmyWFiWE7FEc7JIJ7LLvmJcrRaDhWXmMU4Gs-XMZFm4bMOFZ7IZmRaLhWlf2yxWI8vIsRYsTLO1aDXYrJWjzWYt28xcq5lzZhpsLG7R62N6eJbLzcixb8xmq8Vosllt9o3ZbLUYTTarzb5DZ_iuPmejMzieeGzqy7Pa8dYcBoXLYPH-PhdpM9q4GVXasMWiuhZ3rolVp42djJ2D2aDw_c2lrTi4jZzLfclBbDAoYongIp3I_JbX2296-u1uheUilihNF-lEL7qsJmvR3_D0WMQSwekinYhextNF_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4WqdBzJYDnbL1XIBIJy9dH8-CQC7sdRwdtXlYSrW6FZVihs_bjC_5fX2m55-u1thuTLAAzU58-bPBLFWq2UNAAAggA0AABDArZu3AGwm_v___z8OAABARo4eAABAfB8IKvrIlUIvnJ8Ad4vFAA!&excid=22&docw=0&cijs=1&nlb=false
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (742), with no line terminators
Hash 98a76f3a7fd5e8337ef3301d5d69d0d7
f7c260a4e32ec68e61dc6e25c3b7e4d2b572c6a6
878a2c6c7257a40f4bd4a98b8e865f1307fadd09a359b067f19049d6f096a4c3
GET /sync?dast=V7Az0CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOFa2TaW4WKtspg2a9HEZXNLDDPXWuGYuWy74ci5ma2GQBKulW1jGS7WKotpsxZNXDa3xDBzrRWOmcu2G46cm9lqChE3GQ6fg4Go6Hpb7A6n2fMGGDSdDp_rXq85OiwL38v0WTkfZrvCaHa4_XbTw-Swa_xuv-iymqxFf8PTYwcAAACAh____38IAAAAgAgAAAAACQAAAACKgIp_C4ELAAAAAIz___9_DYBPDoL3nP3-AAAAAAABAAAAIAEYWA0oAfg4Xzn5_________48ZoM-8kfn___-_MegBePABeBACAAC4GGpc1QpxSe3GJyqYLGIEAAAAsKWlonk0qRMqi6r___9-K4ArAICAQdmb9-ss3UGJtzAAAICAsQV6WPx-s8Ou8btd9v________9v9n_2jyb0NnqdFsQyeq32CwgAsPYLCADApm4AAG8BcEEXAKtTiN1wttiNZpvR7AAAAADu_v____VAxLhaLQYLy8xjnAxmy5nJsnDZhgvPZDMyLRYL0_aYLXzACXlSLvsibjIcPgcDUdH1ttgdTrPnfhQtWe6Wu9VoshiNlsvNbrgZDfYnkLMBUrRksVoOV7vJYrRZLCbL3XA0mSBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwthmsRpZRo61YGGarUWrwWatHG02a9lm5lrNnDPTYGNxi14f08OzXG5Gji0KBmzsRfK0SCcqz8S22DiWw-FkN7G5Ji7TajiajSaGjcmyWFiWE7FEc7JIJ7LLvmJcrRaDhWXmMU4Gs-XMZFm4bMOFZ7IZmRaLhWlf2yxWI8vIsRYsTLO1aDXYrJWjzWYt28xcq5lzZhpsLG7R62N6eJbLzcixb8xmq8Vosllt9o3ZbLUYTTarzb5DZ_iuPmejMzieeGzqy7Pa8dYcBoXLYPH-PhdpM9q4GVXasMWiuhZ3rolVp42djJ2D2aDw_c2lrTi4jZzLfclBbDAoYongIp3I_JbX2296-u1uheUilihNF-lEL7qsJmvR3_D0WMQSwekinYhextNF_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4WqdBzJYDnbL1XIBIJy9dH8-CQC7sdRwdtXlYSrW6FZVihs_bjC_5fX2m55-u1thuTLAAzU58-bPBLFWq2UNAAAggA0AABDArZu3AGwm_v___z8OAABARo4eAABAfB8IKvrIlUIvnJ8Ad4vFAA!&excid=22&docw=0&cijs=1&nlb=false HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 11:32:36 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3407
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bdefad7c-4633-11ed-bc13-13b80d860406
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bdefad7c-4633-11ed-bc13-13b80d860406
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bdefad7c-4633-11ed-bc13-13b80d860406 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Fri, 07 Oct 2022 11:32:36 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=be164d7a-4633-11ed-b7fa-14d534130406; expires=Fri, 04-Nov-2022 11:32:36 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 57
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bdef96ca-4633-11ed-881c-1ce730eb0206
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bdef96ca-4633-11ed-881c-1ce730eb0206
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bdef96ca-4633-11ed-881c-1ce730eb0206 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Fri, 07 Oct 2022 11:32:36 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=be1676d5-4633-11ed-9132-1a3cf9d10506; expires=Fri, 04-Nov-2022 11:32:36 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 55
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 5b98b294f4ad7868e3400b9047c983ae
264552be38f8284c5590f4c3ff86402daf4ea9c2
d7962d0d1dbd65cff3d94f1e7e2e6de4ba0ae0220b996429638f0144d77d581e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4882
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:36 GMT
Last-Modified: Fri, 07 Oct 2022 10:11:14 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313
csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1
178.250.0.162200 OK 43 B URL HTTP/2 csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1
IP 178.250.0.162:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1 HTTP/1.1
Host: csm.fr.eu.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:36 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
185.235.84.22200 OK 963 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.22:0
File type JSON data\012- , ASCII text, with very long lines (2332), with no line terminators
Hash dbdac009acbe962861452cc9d3e1d18c
b178bebd3166ba948d5400fba51eeb679ac7541e
ceb41a8b32e4c88ff1b3c38d2eb1e648eefcb68df21efdf6859063ad0519b263
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:35 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 339410
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.20.226:0
Hash 092939e53405db47aac28ac3129a3940
836afd9bc4e20c7f6ceb5c6ae4d3206569cb0859
9cf72459f843db64c342e6ad9c28016ec2d3572bc51f3bb5ad340da3e61601a3
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 11:32:36 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Tue, 11 Oct 2022 09:46:09 GMT
ETag: "836afd9bc4e20c7f6ceb5c6ae4d3206569cb0859"
Last-Modified: Fri, 07 Oct 2022 09:46:10 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3442
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75665130dc09b503-OSL
sha2awet3eyal.ahlamontada.com/sw.js
188.165.2.137200 OK 3.0 kB URL HTTP/2 sha2awet3eyal.ahlamontada.com/sw.js
IP 188.165.2.137:0
Hash bcef62af7b57c20079f45df3be658f7a
529d12285a2df924b74aa23cea7f2a09201b917e
faeef4699c83f8a7432ad8f38565a3a246fcf6223e789e8cb8382defb67d0848
GET /sw.js HTTP/1.1
Host: sha2awet3eyal.ahlamontada.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sha2awet3eyal.ahlamontada.com/t252-topic
Connection: keep-alive
Cookie: exadd=166515; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D; _ga=GA1.2.1791947980.1665142353; _gid=GA1.2.2083637392.1665142353; _gat_gtag_UA_144347007_1=1; trc_cookie_storage=taboola%2520global%253Auser-id%3D6315d2d1-0a46-4503-9433-63f55f9f40cb-tucta3993d1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:35 GMT
content-type: application/javascript
last-modified: Tue, 27 Aug 2019 13:54:01 GMT
etag: W/"5d6535f9-1554"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 07 Oct 2022 11:32:36 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=be2bab6e-4633-11ed-aea8-15758c630406; expires=Fri, 04-Nov-2022 11:32:36 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=be2babc9-4633-11ed-aea8-15758c630406
X-fe: 82
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 07 Oct 2022 11:32:36 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=be2bb2f8-4633-11ed-8ea9-17f3d7a10406; expires=Fri, 04-Nov-2022 11:32:36 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=be2bb354-4633-11ed-8ea9-17f3d7a10406
X-fe: 126
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
trc.taboola.com/forumotion-ar/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=2
151.101.85.44204 No Content 0 B URL HTTP/2 trc.taboola.com/forumotion-ar/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=2
IP 151.101.85.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /forumotion-ar/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 4442
Origin: https://sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://sha2awet3eyal.ahlamontada.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:36 GMT
via: 1.1 varnish
x-served-by: cache-bma1665-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1665142357.549848,VS0,VE84
x-vcl-time-ms: 84
X-Firefox-Spdy: h2
match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
52.223.40.198200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
IP 52.223.40.198:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:36 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 8048fc341226439e3d13cb3c96e0eefd
748dbba3babb0dd988171b174fb5284dd030edce
1c67abbe0a427d66a5399b67b6b30990900d4e673347659351f4d1fae5019f6a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6581
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 11:32:36 GMT
Last-Modified: Fri, 07 Oct 2022 09:42:55 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=be2bb354-4633-11ed-8ea9-17f3d7a10406
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=be2bb354-4633-11ed-8ea9-17f3d7a10406
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=be2bb354-4633-11ed-8ea9-17f3d7a10406 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Fri, 07 Oct 2022 11:32:36 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=be382812-4633-11ed-ab08-1a3cf9d10406; expires=Fri, 04-Nov-2022 11:32:36 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 55
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=be2babc9-4633-11ed-aea8-15758c630406
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=be2babc9-4633-11ed-aea8-15758c630406
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=be2babc9-4633-11ed-aea8-15758c630406 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Fri, 07 Oct 2022 11:32:36 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=be380b27-4633-11ed-915b-1bce7de30406; expires=Fri, 04-Nov-2022 11:32:36 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 95
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
pips.taboola.com/
151.101.85.44200 OK 4 B IP 151.101.85.44:0
File type ASCII text, with no line terminators
Hash 6c3e226b4d4795d518ab341b0824ec29
eef19c54306daa69eda49c0272623bdb5e2b341f
fb329000228cc5a24c264c57139de8bf854fc86fc18bf1c04ab61a2b5cb4b921
GET / HTTP/1.1
Host: pips.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Varnish
retry-after: 0
access-control-allow-methods: GET
access-control-allow-origin: https://sha2awet3eyal.ahlamontada.com
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:36 GMT
via: 1.1 varnish
x-served-by: cache-bma1673-BMA
x-cache: HIT
x-cache-hits: 0
cache-control: no-store
content-length: 4
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=rtus&topUrl=sha2awet3eyal.ahlamontada.com
178.250.0.157200 OK 5.1 kB URL HTTP/2 gum.criteo.com/syncframe?origin=rtus&topUrl=sha2awet3eyal.ahlamontada.com
IP 178.250.0.157:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (13465)
Hash a107c5e83c054067ba03b192280b8fc9
1f3bd59146cb5ffbca71eb390f5b736c53100e64
3cc08da3c1aa4a009c90f0f29b9f8391e43f2cfdd3282c77d4a5b0191283f400
GET /syncframe?origin=rtus&topUrl=sha2awet3eyal.ahlamontada.com HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:34 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=70cb105a-19ae-4171-9e0d-339cfabd38ce; expires=Wed, 01 Nov 2023 11:32:35 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 606607
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ups.analytics.yahoo.com/ups/58534/occ?verify=true
3.126.56.137204 No Content 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58534/occ?verify=true
IP 3.126.56.137:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58534/occ?verify=true HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 07 Oct 2022 11:32:36 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
strict-transport-security: max-age=31536000
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBFQOQGMCEOpS4lrtl01UnrrMc5RT_DUFEgEBAQFfQWNJYwAAAAAA_eMAAA&S=AQAAAvk5e2xAi3WWR8UrlW9DOGk; Expires=Sat, 7 Oct 2023 17:32:36 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash ea853ab09aedfe6ded5bc65a1052caf6
210ee52940d8cade31a61a81bac59b17a6dbd1cf
c091f607d0642679bbeba4521b6a01099be9436b9f381cdfb1786dbe42cb9e80
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 07 Oct 2022 11:32:36 GMT
Last-Modified: Fri, 07 Oct 2022 10:58:48 GMT
Server: ECS (bsa/EB11)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Q2IGmbTi8fMwapwqmW0PZoAtFkxQeWzOY_fQBJc4-DnCNBbaKtfdTw==
Age: 2028
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash bca92f383af2d5d4e8b51cc93c18ddd3
52c8028617577ddacc03741af2d98b0032d8ed61
5293690a525e66a5e5cc246e7a947e4d97b0f610bb5f4a9a605862d5ac1a9b53
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 11:32:36 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 04 Oct 2022 13:56:49 GMT
Expires: Tue, 11 Oct 2022 13:56:48 GMT
Etag: "52c8028617577ddacc03741af2d98b0032d8ed61"
Cache-Control: max-age=353651,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 756651314cccb503-OSL
x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
3.122.23.145200 OK 43 B URL HTTP/1.1 x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
IP 3.122.23.145:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /sync?gdpr=1&us_privacy=1---&ssp=taboola HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Fri, 07 Oct 2022 11:32:36 GMT
Content-Length: 43
Connection: keep-alive
cds.taboola.com/?uid=6315d2d1-0a46-4503-9433-63f55f9f40cb-tucta3993d1
141.226.224.32204 No Content 0 B URL HTTP/2 cds.taboola.com/?uid=6315d2d1-0a46-4503-9433-63f55f9f40cb-tucta3993d1
IP 141.226.224.32:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?uid=6315d2d1-0a46-4503-9433-63f55f9f40cb-tucta3993d1 HTTP/1.1
Host: cds.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Fri, 07 Oct 2022 11:32:37 GMT
cache-control: no-store
access-control-allow-origin: *
X-Firefox-Spdy: h2
am-match.taboola.com/sync?dast=V7xf4CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOEarVwbi28ts9lMa9HCt1grHCuHW2KYWFyD1W4zcjiGQCLLkcWyW47citnIsxYNVra1xDPyuHWrhcu0mJk8lo1zCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjfAoOl0-Fz3es3RYVn4XqbPyvkw2xVGs8Ptt5seJodd43f7RZfVZC36G54eOwAAAAA8AFi9ZUL8AAIARAAAAABIAAAAAFAEVPxbCFwAAAAAYAAYkFxoAHxyELzn7PcHAECDFggAQIAACcDAakAJwMf5ygkAAAAAAAAAAMv___9_DMAe1pgMwMj-Tg_Agw_AA1HBXhEjAAAAgC0tFc2jSZ1QWVQBABCkWwFcAQAEDMreyAeGAQAABIwt0MPi95sddo3f7TIAAAAAAAAAALP_s380obfR67QgltFrtV9AAIC1X0AAADZ1AwB4C4ALugBYnULshrPFbjTbjGYHAAAAcPf___-vByLG1WoxWFhmHuNkMFvOTJaFyzZceCabkWmxWJi2x2zhA07Ik3LZ5yEss993ELE8X9PfcJDxLa-3QVR0vS12h9PsuR9FS5a75W41mixGo-VysxtuRoP9CeRsgBQtWayWw9VushhtFovJcjccTSZI0ZLVcrlcbTar1W60mA02y-FmgxStWs1Gm8FwNZvMdrvVcDBcjkZI0ZLlbrlbjSaL0Wi53OyGm9FgiDC2WaxGlpFjLViYZmvRarBZK0ebzVq2mblWM-fMNNhY3KLXx_TwLJebkWOLggEbexFcpBOZ3_J6-01Pv92tsFzEEs3JIp3ILvuKcbVaDBaWmcc4GcyWM5Nl4bINF57JZmRaLBamfW2zWI0sI8dasDDN1qLVYLNWjjabtWwzc61mzplpsLG4Ra-P6eFZLjcjx74xm60Wo8lmtdk3ZrPVYjTZrDb7Dp3hu_qcjc7geOKxqS_PasdbcxgULoPF-_tcpM1o42ZUacMWi-pa3LkmVp02djJ2DmaDwvc3l7bi4DZyLvclB7HBoIglgtNFOhG9jKeLWCJ5WqQT0W64mO0WjoVn4zFNTMblaDJyLCeemcWwsjlMjolYojRdpBO96LKarEV_w9NjUf-RIRdz5WAumswVq9EqAQAAAAAAAAAsYc68CQAAAMBpIKPBZrhaLgCEs5fuzycBYDeWGs6uujxMxRrdqkpx48cN5re83n7T0293KyxXBnigJmfe7Jkg1mq1rAEAAASwAQAAArh18xaAzcjtA0HZmJmZmZnxE-BusRg!&excid=22&docw=0&cijs=1&nlb=true
141.226.228.48200 OK 1.0 kB URL HTTP/2 am-match.taboola.com/sync?dast=V7xf4CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOEarVwbi28ts9lMa9HCt1grHCuHW2KYWFyD1W4zcjiGQCLLkcWyW47citnIsxYNVra1xDPyuHWrhcu0mJk8lo1zCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjfAoOl0-Fz3es3RYVn4XqbPyvkw2xVGs8Ptt5seJodd43f7RZfVZC36G54eOwAAAAA8AFi9ZUL8AAIARAAAAABIAAAAAFAEVPxbCFwAAAAAYAAYkFxoAHxyELzn7PcHAECDFggAQIAACcDAakAJwMf5ygkAAAAAAAAAAMv___9_DMAe1pgMwMj-Tg_Agw_AA1HBXhEjAAAAgC0tFc2jSZ1QWVQBABCkWwFcAQAEDMreyAeGAQAABIwt0MPi95sddo3f7TIAAAAAAAAAALP_s380obfR67QgltFrtV9AAIC1X0AAADZ1AwB4C4ALugBYnULshrPFbjTbjGYHAAAAcPf___-vByLG1WoxWFhmHuNkMFvOTJaFyzZceCabkWmxWJi2x2zhA07Ik3LZ5yEss993ELE8X9PfcJDxLa-3QVR0vS12h9PsuR9FS5a75W41mixGo-VysxtuRoP9CeRsgBQtWayWw9VushhtFovJcjccTSZI0ZLVcrlcbTar1W60mA02y-FmgxStWs1Gm8FwNZvMdrvVcDBcjkZI0ZLlbrlbjSaL0Wi53OyGm9FgiDC2WaxGlpFjLViYZmvRarBZK0ebzVq2mblWM-fMNNhY3KLXx_TwLJebkWOLggEbexFcpBOZ3_J6-01Pv92tsFzEEs3JIp3ILvuKcbVaDBaWmcc4GcyWM5Nl4bINF57JZmRaLBamfW2zWI0sI8dasDDN1qLVYLNWjjabtWwzc61mzplpsLG4Ra-P6eFZLjcjx74xm60Wo8lmtdk3ZrPVYjTZrDb7Dp3hu_qcjc7geOKxqS_PasdbcxgULoPF-_tcpM1o42ZUacMWi-pa3LkmVp02djJ2DmaDwvc3l7bi4DZyLvclB7HBoIglgtNFOhG9jKeLWCJ5WqQT0W64mO0WjoVn4zFNTMblaDJyLCeemcWwsjlMjolYojRdpBO96LKarEV_w9NjUf-RIRdz5WAumswVq9EqAQAAAAAAAAAsYc68CQAAAMBpIKPBZrhaLgCEs5fuzycBYDeWGs6uujxMxRrdqkpx48cN5re83n7T0293KyxXBnigJmfe7Jkg1mq1rAEAAASwAQAAArh18xaAzcjtA0HZmJmZmZnxE-BusRg!&excid=22&docw=0&cijs=1&nlb=true
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash 101973f3b5a6508b57ff7d5c2b034052
aaddb4cc62ca4b8575701a2d3010fa2068a08691
6c44ef6659a5b2cdfa1449cd81f38280ac588f7d4e22784621ab398b341057b5
GET /sync?dast=V7xf4CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOEarVwbi28ts9lMa9HCt1grHCuHW2KYWFyD1W4zcjiGQCLLkcWyW47citnIsxYNVra1xDPyuHWrhcu0mJk8lo1zCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjfAoOl0-Fz3es3RYVn4XqbPyvkw2xVGs8Ptt5seJodd43f7RZfVZC36G54eOwAAAAA8AFi9ZUL8AAIARAAAAABIAAAAAFAEVPxbCFwAAAAAYAAYkFxoAHxyELzn7PcHAECDFggAQIAACcDAakAJwMf5ygkAAAAAAAAAAMv___9_DMAe1pgMwMj-Tg_Agw_AA1HBXhEjAAAAgC0tFc2jSZ1QWVQBABCkWwFcAQAEDMreyAeGAQAABIwt0MPi95sddo3f7TIAAAAAAAAAALP_s380obfR67QgltFrtV9AAIC1X0AAADZ1AwB4C4ALugBYnULshrPFbjTbjGYHAAAAcPf___-vByLG1WoxWFhmHuNkMFvOTJaFyzZceCabkWmxWJi2x2zhA07Ik3LZ5yEss993ELE8X9PfcJDxLa-3QVR0vS12h9PsuR9FS5a75W41mixGo-VysxtuRoP9CeRsgBQtWayWw9VushhtFovJcjccTSZI0ZLVcrlcbTar1W60mA02y-FmgxStWs1Gm8FwNZvMdrvVcDBcjkZI0ZLlbrlbjSaL0Wi53OyGm9FgiDC2WaxGlpFjLViYZmvRarBZK0ebzVq2mblWM-fMNNhY3KLXx_TwLJebkWOLggEbexFcpBOZ3_J6-01Pv92tsFzEEs3JIp3ILvuKcbVaDBaWmcc4GcyWM5Nl4bINF57JZmRaLBamfW2zWI0sI8dasDDN1qLVYLNWjjabtWwzc61mzplpsLG4Ra-P6eFZLjcjx74xm60Wo8lmtdk3ZrPVYjTZrDb7Dp3hu_qcjc7geOKxqS_PasdbcxgULoPF-_tcpM1o42ZUacMWi-pa3LkmVp02djJ2DmaDwvc3l7bi4DZyLvclB7HBoIglgtNFOhG9jKeLWCJ5WqQT0W64mO0WjoVn4zFNTMblaDJyLCeemcWwsjlMjolYojRdpBO96LKarEV_w9NjUf-RIRdz5WAumswVq9EqAQAAAAAAAAAsYc68CQAAAMBpIKPBZrhaLgCEs5fuzycBYDeWGs6uujxMxRrdqkpx48cN5re83n7T0293KyxXBnigJmfe7Jkg1mq1rAEAAASwAQAAArh18xaAzcjtA0HZmJmZmZnxE-BusRg!&excid=22&docw=0&cijs=1&nlb=true HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 11:32:36 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3408
X-Firefox-Spdy: h2
illiweb.com/rs3/63/frm/embed/FA_Embed.js
172.67.150.97200 OK 0 B URL HTTP/2 illiweb.com/rs3/63/frm/embed/FA_Embed.js
IP 172.67.150.97:0
GET /rs3/63/frm/embed/FA_Embed.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:32 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Fri, 08 Sep 2023 08:06:07 GMT
last-modified: Tue, 20 Apr 2021 14:17:00 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 2517984
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oebRqaHLv1zkLZ5oVOVWsoGjUZPLtEjhEZwZSP6VX0Mmer7qcG6fCLv0p9dSfXx4DEjuuM5gabPzl22rYCo1xVdR7207JXDnrGJGt9i892X4sL8aocTgjDouClZDyA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 756651154f9ffac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=380&height=213&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1665142355533&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1485&pt=-1231995277&tz=0&viewable=true&ddast=V7xf4CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOEarVwbi28ts9lMa9HCt1grHCuHW2KYWFyD1W4zcjiGQCLLkcWyW47citnIsxYNVra1xDPyuHWrhcu0mJk8lo1zCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjfAoOl0-Fz3es3RYVn4XqbPyvkw2xVGs8Ptt5seJodd43f7RZfVZC36G54eOwAAAAA8AFi9ZUL8AAIARAAAAABIAAAAAFAEVPxbCFwAAAAAYAAYkFxoAHxyELzn7PcHAECDFggAQIAACcDAakAJwMf5ygkAAAAAAAAAAMv___9_DMAe1pgMwMj-Tg_Agw_AA1HBXhEjAAAAgC0tFc2jSZ1QWVQBABCkWwFcAQAEDMreyAeGAQAABIwt0MPi95sddo3f7TIAAAAAAAAAALP_s380obfR67QgltFrtV9AAIC1X0AAADZ1AwB4C4ALugBYnULshrPFbjTbjGYHAAAAcPf___-vByLG1WoxWFhmHuNkMFvOTJaFyzZceCabkWmxWJi2x2zhA07Ik3LZ5yEss993ELE8X9PfcJDxLa-3QVR0vS12h9PsuR9FS5a75W41mixGo-VysxtuRoP9CeRsgBQtWayWw9VushhtFovJcjccTSZI0ZLVcrlcbTar1W60mA02y-FmgxStWs1Gm8FwNZvMdrvVcDBcjkZI0ZLlbrlbjSaL0Wi53OyGm9FgiDC2WaxGlpFjLViYZmvRarBZK0ebzVq2mblWM-fMNNhY3KLXx_TwLJebkWOLggEbexFcpBOZ3_J6-01Pv92tsFzEEs3JIp3ILvuKcbVaDBaWmcc4GcyWM5Nl4bINF57JZmRaLBamfW2zWI0sI8dasDDN1qLVYLNWjjabtWwzc61mzplpsLG4Ra-P6eFZLjcjx74xm60Wo8lmtdk3ZrPVYjTZrDb7Dp3hu_qcjc7geOKxqS_PasdbcxgULoPF-_tcpM1o42ZUacMWi-pa3LkmVp02djJ2DmaDwvc3l7bi4DZyLvclB7HBoIglgtNFOhG9jKeLWCJ5WqQT0W64mO0WjoVn4zFNTMblaDJyLCeemcWwsjlMjolYojRdpBO96LKarEV_w9NjUf-RIRdz5WAumswVq9EqAQAAAAAAAAAsYc68CQAAAMBpIKPBZrhaLgCEs5fuzycBYDeWGs6uujxMxRrdqkpx48cN5re83n7T0293KyxXBnigJmfe7Jkg1mq1rAEAAASwAQAAArh18xaAzcjtA0HZmJmZmZnxE-BusRg!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=dfrc_vB!id5mc_vA!mprdctdt6_vA!Noappq22_vC!smbs!spa2_vB!t45!t45!tfl1_vA!ufm&mPre=0.025&cirf=https%3A%2F%2Fsha2awet3eyal.ahlamontada.com&en=1
151.101.85.44200 OK 0 B URL HTTP/2 wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=380&height=213&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1665142355533&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1485&pt=-1231995277&tz=0&viewable=true&ddast=V7xf4CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOEarVwbi28ts9lMa9HCt1grHCuHW2KYWFyD1W4zcjiGQCLLkcWyW47citnIsxYNVra1xDPyuHWrhcu0mJk8lo1zCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjfAoOl0-Fz3es3RYVn4XqbPyvkw2xVGs8Ptt5seJodd43f7RZfVZC36G54eOwAAAAA8AFi9ZUL8AAIARAAAAABIAAAAAFAEVPxbCFwAAAAAYAAYkFxoAHxyELzn7PcHAECDFggAQIAACcDAakAJwMf5ygkAAAAAAAAAAMv___9_DMAe1pgMwMj-Tg_Agw_AA1HBXhEjAAAAgC0tFc2jSZ1QWVQBABCkWwFcAQAEDMreyAeGAQAABIwt0MPi95sddo3f7TIAAAAAAAAAALP_s380obfR67QgltFrtV9AAIC1X0AAADZ1AwB4C4ALugBYnULshrPFbjTbjGYHAAAAcPf___-vByLG1WoxWFhmHuNkMFvOTJaFyzZceCabkWmxWJi2x2zhA07Ik3LZ5yEss993ELE8X9PfcJDxLa-3QVR0vS12h9PsuR9FS5a75W41mixGo-VysxtuRoP9CeRsgBQtWayWw9VushhtFovJcjccTSZI0ZLVcrlcbTar1W60mA02y-FmgxStWs1Gm8FwNZvMdrvVcDBcjkZI0ZLlbrlbjSaL0Wi53OyGm9FgiDC2WaxGlpFjLViYZmvRarBZK0ebzVq2mblWM-fMNNhY3KLXx_TwLJebkWOLggEbexFcpBOZ3_J6-01Pv92tsFzEEs3JIp3ILvuKcbVaDBaWmcc4GcyWM5Nl4bINF57JZmRaLBamfW2zWI0sI8dasDDN1qLVYLNWjjabtWwzc61mzplpsLG4Ra-P6eFZLjcjx74xm60Wo8lmtdk3ZrPVYjTZrDb7Dp3hu_qcjc7geOKxqS_PasdbcxgULoPF-_tcpM1o42ZUacMWi-pa3LkmVp02djJ2DmaDwvc3l7bi4DZyLvclB7HBoIglgtNFOhG9jKeLWCJ5WqQT0W64mO0WjoVn4zFNTMblaDJyLCeemcWwsjlMjolYojRdpBO96LKarEV_w9NjUf-RIRdz5WAumswVq9EqAQAAAAAAAAAsYc68CQAAAMBpIKPBZrhaLgCEs5fuzycBYDeWGs6uujxMxRrdqkpx48cN5re83n7T0293KyxXBnigJmfe7Jkg1mq1rAEAAASwAQAAArh18xaAzcjtA0HZmJmZmZnxE-BusRg!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=dfrc_vB!id5mc_vA!mprdctdt6_vA!Noappq22_vC!smbs!spa2_vB!t45!t45!tfl1_vA!ufm&mPre=0.025&cirf=https%3A%2F%2Fsha2awet3eyal.ahlamontada.com&en=1
IP 151.101.85.44:0
POST /VideoBidRequestHandlerServlet?oid=15&width=380&height=213&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1665142355533&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1485&pt=-1231995277&tz=0&viewable=true&ddast=V7xf4CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOEarVwbi28ts9lMa9HCt1grHCuHW2KYWFyD1W4zcjiGQCLLkcWyW47citnIsxYNVra1xDPyuHWrhcu0mJk8lo1zCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjfAoOl0-Fz3es3RYVn4XqbPyvkw2xVGs8Ptt5seJodd43f7RZfVZC36G54eOwAAAAA8AFi9ZUL8AAIARAAAAABIAAAAAFAEVPxbCFwAAAAAYAAYkFxoAHxyELzn7PcHAECDFggAQIAACcDAakAJwMf5ygkAAAAAAAAAAMv___9_DMAe1pgMwMj-Tg_Agw_AA1HBXhEjAAAAgC0tFc2jSZ1QWVQBABCkWwFcAQAEDMreyAeGAQAABIwt0MPi95sddo3f7TIAAAAAAAAAALP_s380obfR67QgltFrtV9AAIC1X0AAADZ1AwB4C4ALugBYnULshrPFbjTbjGYHAAAAcPf___-vByLG1WoxWFhmHuNkMFvOTJaFyzZceCabkWmxWJi2x2zhA07Ik3LZ5yEss993ELE8X9PfcJDxLa-3QVR0vS12h9PsuR9FS5a75W41mixGo-VysxtuRoP9CeRsgBQtWayWw9VushhtFovJcjccTSZI0ZLVcrlcbTar1W60mA02y-FmgxStWs1Gm8FwNZvMdrvVcDBcjkZI0ZLlbrlbjSaL0Wi53OyGm9FgiDC2WaxGlpFjLViYZmvRarBZK0ebzVq2mblWM-fMNNhY3KLXx_TwLJebkWOLggEbexFcpBOZ3_J6-01Pv92tsFzEEs3JIp3ILvuKcbVaDBaWmcc4GcyWM5Nl4bINF57JZmRaLBamfW2zWI0sI8dasDDN1qLVYLNWjjabtWwzc61mzplpsLG4Ra-P6eFZLjcjx74xm60Wo8lmtdk3ZrPVYjTZrDb7Dp3hu_qcjc7geOKxqS_PasdbcxgULoPF-_tcpM1o42ZUacMWi-pa3LkmVp02djJ2DmaDwvc3l7bi4DZyLvclB7HBoIglgtNFOhG9jKeLWCJ5WqQT0W64mO0WjoVn4zFNTMblaDJyLCeemcWwsjlMjolYojRdpBO96LKarEV_w9NjUf-RIRdz5WAumswVq9EqAQAAAAAAAAAsYc68CQAAAMBpIKPBZrhaLgCEs5fuzycBYDeWGs6uujxMxRrdqkpx48cN5re83n7T0293KyxXBnigJmfe7Jkg1mq1rAEAAASwAQAAArh18xaAzcjtA0HZmJmZmZnxE-BusRg!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=dfrc_vB!id5mc_vA!mprdctdt6_vA!Noappq22_vC!smbs!spa2_vB!t45!t45!tfl1_vA!ufm&mPre=0.025&cirf=https%3A%2F%2Fsha2awet3eyal.ahlamontada.com&en=1 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 133
Origin: https://sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1419
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://sha2awet3eyal.ahlamontada.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:35 GMT
via: 1.1 varnish
x-served-by: cache-bma1665-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1665142356.573212,VS0,VE46
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.0.157:0
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:33 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 559506
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.0.157:0
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sha2awet3eyal.ahlamontada.com/
x-crto-bundle: MM5VRF9xTnNjTlNlRzJGOVpJYUNuUjlCWndpdUlnTmdNdW1aZkx5ckQwV2ZoOWE5dmszZiUyRkhSb2RCTEVoVXhvSG5WJTJCdm96Z2N5b0ExeEZKdFVocUk5Y3ElMkZRTWY1WEExTWcyRlVYJTJCWUVmbWJuenYyd2JpY2hQOFRUdHM0MjhRWGprSWxBRHRYRkFmbE5ZVmR0NmFTeVlJV2J2USUzRCUzRA
Origin: https://sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:35 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://sha2awet3eyal.ahlamontada.com
server-processing-duration-in-ticks: 1518840
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
2img.net/s/t/10/34/79/i_icon_mini_login.gif
104.21.235.176200 OK 0 B URL HTTP/2 2img.net/s/t/10/34/79/i_icon_mini_login.gif
IP 104.21.235.176:0
GET /s/t/10/34/79/i_icon_mini_login.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:32 GMT
content-type: image/gif
content-length: 2086
last-modified: Wed, 13 Feb 2008 20:13:01 GMT
etag: "47b34f4d-826"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 7106
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oGCy3Ys8uGvDQ0O5nuFQLHhRhUZ3un4Dg6UUsGCUodsmaHbsS%2BnaNYr75st5B8tM69Npq0MlIujfFihdvRCYjddUooD1N2wG5ZbmVoJAayX8V5pJ2ciqLCCNiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75665115cde976b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.14200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.14:0
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:33 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 72383
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
www.youtube.com/embed/p40-4z8R024
142.250.74.78200 OK 0 B URL HTTP/2 www.youtube.com/embed/p40-4z8R024
IP 142.250.74.78:0
GET /embed/p40-4z8R024 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 07 Oct 2022 11:32:32 GMT
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=FENn81qIkzI; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=k-J4IyDZAy4; Domain=.youtube.com; Expires=Wed, 05-Apr-2023 11:32:32 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+914; expires=Sun, 06-Oct-2024 11:32:32 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1665142355444&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1485&pt=-1231995277&tz=0&viewable=true&ddast=V7Az0CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOFa2TaW4WKtspg2a9HEZXNLDDPXWuGYuWy74ci5ma2GQBKulW1jGS7WKotpsxZNXDa3xDBzrRWOmcu2G46cm9lqChE3GQ6fg4Go6Hpb7A6n2fMGGDSdDp_rXq85OiwL38v0WTkfZrvCaHa4_XbTw-Swa_xuv-iymqxFf8PTYwcAAACAh____38IAAAAgAgAAAAACQAAAACKgIp_C4ELAAAAAIz___9_DYBPDoL3nP3-AAAAAAABAAAAIAEYWA0oAfg4Xzn5_________48ZoM-8kfn___-_MegBePABeBACAAC4GGpc1QpxSe3GJyqYLGIEAAAAsKWlonk0qRMqi6r___9-K4ArAICAQdmb9-ss3UGJtzAAAICAsQV6WPx-s8Ou8btd9v________9v9n_2jyb0NnqdFsQyeq32CwgAsPYLCADApm4AAG8BcEEXAKtTiN1wttiNZpvR7AAAAADu_v____VAxLhaLQYLy8xjnAxmy5nJsnDZhgvPZDMyLRYL0_aYLXzACXlSLvsibjIcPgcDUdH1ttgdTrPnfhQtWe6Wu9VoshiNlsvNbrgZDfYnkLMBUrRksVoOV7vJYrRZLCbL3XA0mSBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwthmsRpZRo61YGGarUWrwWatHG02a9lm5lrNnDPTYGNxi14f08OzXG5Gji0KBmzsRfK0SCcqz8S22DiWw-FkN7G5Ji7TajiajSaGjcmyWFiWE7FEc7JIJ7LLvmJcrRaDhWXmMU4Gs-XMZFm4bMOFZ7IZmRaLhWlf2yxWI8vIsRYsTLO1aDXYrJWjzWYt28xcq5lzZhpsLG7R62N6eJbLzcixb8xmq8Vosllt9o3ZbLUYTTarzb5DZ_iuPmejMzieeGzqy7Pa8dYcBoXLYPH-PhdpM9q4GVXasMWiuhZ3rolVp42djJ2D2aDw_c2lrTi4jZzLfclBbDAoYongIp3I_JbX2296-u1uheUilihNF-lEL7qsJmvR3_D0WMQSwekinYhextNF_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4WqdBzJYDnbL1XIBIJy9dH8-CQC7sdRwdtXlYSrW6FZVihs_bjC_5fX2m55-u1thuTLAAzU58-bPBLFWq2UNAAAggA0AABDArZu3AGwm_v___z8OAABARo4eAABAfB8IKvrIlUIvnJ8Ad4vFAA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=dfrc_vB!id5mc_vA!mprdctdt6_vA!Noappq22_vC!smbs!spa2_vB!t45!t45!tfl1_vA!ufm&mPre=0.025&cirf=https%3A%2F%2Fsha2awet3eyal.ahlamontada.com&en=1
151.101.85.44200 OK 0 B URL HTTP/2 wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1665142355444&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1485&pt=-1231995277&tz=0&viewable=true&ddast=V7Az0CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOFa2TaW4WKtspg2a9HEZXNLDDPXWuGYuWy74ci5ma2GQBKulW1jGS7WKotpsxZNXDa3xDBzrRWOmcu2G46cm9lqChE3GQ6fg4Go6Hpb7A6n2fMGGDSdDp_rXq85OiwL38v0WTkfZrvCaHa4_XbTw-Swa_xuv-iymqxFf8PTYwcAAACAh____38IAAAAgAgAAAAACQAAAACKgIp_C4ELAAAAAIz___9_DYBPDoL3nP3-AAAAAAABAAAAIAEYWA0oAfg4Xzn5_________48ZoM-8kfn___-_MegBePABeBACAAC4GGpc1QpxSe3GJyqYLGIEAAAAsKWlonk0qRMqi6r___9-K4ArAICAQdmb9-ss3UGJtzAAAICAsQV6WPx-s8Ou8btd9v________9v9n_2jyb0NnqdFsQyeq32CwgAsPYLCADApm4AAG8BcEEXAKtTiN1wttiNZpvR7AAAAADu_v____VAxLhaLQYLy8xjnAxmy5nJsnDZhgvPZDMyLRYL0_aYLXzACXlSLvsibjIcPgcDUdH1ttgdTrPnfhQtWe6Wu9VoshiNlsvNbrgZDfYnkLMBUrRksVoOV7vJYrRZLCbL3XA0mSBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwthmsRpZRo61YGGarUWrwWatHG02a9lm5lrNnDPTYGNxi14f08OzXG5Gji0KBmzsRfK0SCcqz8S22DiWw-FkN7G5Ji7TajiajSaGjcmyWFiWE7FEc7JIJ7LLvmJcrRaDhWXmMU4Gs-XMZFm4bMOFZ7IZmRaLhWlf2yxWI8vIsRYsTLO1aDXYrJWjzWYt28xcq5lzZhpsLG7R62N6eJbLzcixb8xmq8Vosllt9o3ZbLUYTTarzb5DZ_iuPmejMzieeGzqy7Pa8dYcBoXLYPH-PhdpM9q4GVXasMWiuhZ3rolVp42djJ2D2aDw_c2lrTi4jZzLfclBbDAoYongIp3I_JbX2296-u1uheUilihNF-lEL7qsJmvR3_D0WMQSwekinYhextNF_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4WqdBzJYDnbL1XIBIJy9dH8-CQC7sdRwdtXlYSrW6FZVihs_bjC_5fX2m55-u1thuTLAAzU58-bPBLFWq2UNAAAggA0AABDArZu3AGwm_v___z8OAABARo4eAABAfB8IKvrIlUIvnJ8Ad4vFAA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=dfrc_vB!id5mc_vA!mprdctdt6_vA!Noappq22_vC!smbs!spa2_vB!t45!t45!tfl1_vA!ufm&mPre=0.025&cirf=https%3A%2F%2Fsha2awet3eyal.ahlamontada.com&en=1
IP 151.101.85.44:0
POST /VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1665142355444&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1485&pt=-1231995277&tz=0&viewable=true&ddast=V7Az0CFgM7nL-JPwn_mQQ7nL-JPwn_mQUAAAAGBuIHJOFa2TaW4WKtspg2a9HEZXNLDDPXWuGYuWy74ci5ma2GQBKulW1jGS7WKotpsxZNXDa3xDBzrRWOmcu2G46cm9lqChE3GQ6fg4Go6Hpb7A6n2fMGGDSdDp_rXq85OiwL38v0WTkfZrvCaHa4_XbTw-Swa_xuv-iymqxFf8PTYwcAAACAh____38IAAAAgAgAAAAACQAAAACKgIp_C4ELAAAAAIz___9_DYBPDoL3nP3-AAAAAAABAAAAIAEYWA0oAfg4Xzn5_________48ZoM-8kfn___-_MegBePABeBACAAC4GGpc1QpxSe3GJyqYLGIEAAAAsKWlonk0qRMqi6r___9-K4ArAICAQdmb9-ss3UGJtzAAAICAsQV6WPx-s8Ou8btd9v________9v9n_2jyb0NnqdFsQyeq32CwgAsPYLCADApm4AAG8BcEEXAKtTiN1wttiNZpvR7AAAAADu_v____VAxLhaLQYLy8xjnAxmy5nJsnDZhgvPZDMyLRYL0_aYLXzACXlSLvsibjIcPgcDUdH1ttgdTrPnfhQtWe6Wu9VoshiNlsvNbrgZDfYnkLMBUrRksVoOV7vJYrRZLCbL3XA0mSBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwthmsRpZRo61YGGarUWrwWatHG02a9lm5lrNnDPTYGNxi14f08OzXG5Gji0KBmzsRfK0SCcqz8S22DiWw-FkN7G5Ji7TajiajSaGjcmyWFiWE7FEc7JIJ7LLvmJcrRaDhWXmMU4Gs-XMZFm4bMOFZ7IZmRaLhWlf2yxWI8vIsRYsTLO1aDXYrJWjzWYt28xcq5lzZhpsLG7R62N6eJbLzcixb8xmq8Vosllt9o3ZbLUYTTarzb5DZ_iuPmejMzieeGzqy7Pa8dYcBoXLYPH-PhdpM9q4GVXasMWiuhZ3rolVp42djJ2D2aDw_c2lrTi4jZzLfclBbDAoYongIp3I_JbX2296-u1uheUilihNF-lEL7qsJmvR3_D0WMQSwekinYhextNF_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4WqdBzJYDnbL1XIBIJy9dH8-CQC7sdRwdtXlYSrW6FZVihs_bjC_5fX2m55-u1thuTLAAzU58-bPBLFWq2UNAAAggA0AABDArZu3AGwm_v___z8OAABARo4eAABAfB8IKvrIlUIvnJ8Ad4vFAA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=dfrc_vB!id5mc_vA!mprdctdt6_vA!Noappq22_vC!smbs!spa2_vB!t45!t45!tfl1_vA!ufm&mPre=0.025&cirf=https%3A%2F%2Fsha2awet3eyal.ahlamontada.com&en=1 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 133
Origin: https://sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1472
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://sha2awet3eyal.ahlamontada.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Fri, 07 Oct 2022 11:32:35 GMT
via: 1.1 varnish
x-served-by: cache-bma1665-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1665142355.489959,VS0,VE85
vary: Accept-Encoding
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157200 OK 0 B IP 178.250.0.157:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=5CuzQF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlFaFZ5RnFxRFJvd20yQXZNb2U0a0V6WjJxSWdCVGZWUjhVNVpWbEJlaFg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:34 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=Fkyr5l80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlFaFZ5RnFxRFJvd20yQXZNb2U0a0dIa045TWJ4cEFUbjhQZlhYZGJUblI; expires=Wed, 01 Nov 2023 11:32:34 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 304493
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
sha2awet3eyal.ahlamontada.com/t252-topic
188.165.2.137200 OK 0 B URL HTTP/2 sha2awet3eyal.ahlamontada.com/t252-topic
IP 188.165.2.137:0
GET /t252-topic HTTP/1.1
Host: sha2awet3eyal.ahlamontada.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:32 GMT
content-type: text/html; charset=windows-1256
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache
pragma: no-cache
expires: Fri, 07 Oct 2022 00:00:00 GMT
last-modified: Fri, 07 Oct 2022 11:32:31 GMT
vary: User-Agent
set-cookie: exadd=166515; expires=Fri, 07-Oct-2022 15:32:32 GMT; Max-Age=14400
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=publishertag&topUrl=sha2awet3eyal.ahlamontada.com
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=sha2awet3eyal.ahlamontada.com
IP 178.250.0.157:0
GET /syncframe?origin=publishertag&topUrl=sha2awet3eyal.ahlamontada.com HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:32 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=0145c162-04f3-4530-8fbd-c5033228700a; expires=Wed, 01 Nov 2023 11:32:32 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 775843
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
stootsou.net/pfe/current/universal.min.js?v=3.1.396
139.45.197.250200 OK 0 B URL HTTP/2 stootsou.net/pfe/current/universal.min.js?v=3.1.396
IP 139.45.197.250:0
GET /pfe/current/universal.min.js?v=3.1.396 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sha2awet3eyal.ahlamontada.com/
Origin: https://sha2awet3eyal.ahlamontada.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 11:32:32 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-1fafa"
access-control-allow-origin: https://sha2awet3eyal.ahlamontada.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
185.235.84.22200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.22:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:33 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 75561
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
twemoji.maxcdn.com/twemoji.min.js
23.111.9.57200 OK 0 B URL HTTP/2 twemoji.maxcdn.com/twemoji.min.js
IP 23.111.9.57:0
GET /twemoji.min.js HTTP/1.1
Host: twemoji.maxcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sha2awet3eyal.ahlamontada.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 11:32:32 GMT
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
x-origin-cache: HIT
last-modified: Thu, 31 Mar 2022 03:24:15 GMT
access-control-allow-origin: *
etag: W/"62451edf-3bc8"
expires: Sun, 06 Nov 2022 11:32:32 GMT
cache-control: max-age=2592000
x-proxy-cache: MISS
x-github-request-id: 0809:12A47:CDB504:D393CC:633C8507
vary: Accept-Encoding
x-fastly-request-id: ba13e36ef84a8555a37589cdc99417f1c848670f
server: NetDNA-cache/2.2
powered-by: MaxCDN
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2